Teacher

1131415161719»

Comments

  • I need some hint for getting root, I know the things that happen on the user home but I dont know how I can exploit them

  • edited April 2019

    I'm trying to get user for 2 days now.. need to get back to work but can't before I haven't finished this damn box :tired_face:

    Can somebody PM me some hints for getting user.txt?

    I've got low priv shell and access to the service which is connected to the m*****e site

    Edit: nevermind. got user AND root in under 5mins after posting this.. it was in plain sight all along

  • Type your comment

  • Type your comment> @mrinsideout said:

    I need some hint for getting root, I know the things that happen on the user home but I dont know how I can exploit them

    Got root. Thanks to @steed, @cyberus17 and @jattion

  • Can anyone give me a nudge on getting a shell when ROOT?

    I've got root.txt - just trying to see how I can get the RCE part.

  • Got root, it's a nice box starts to feel a lot more logical after the initial foothold has been gained. Feel free to PM me for hints.

    LordImhotep
  • if u need any help let me know via pms, will give hints

    v1ew-s0urce.flv
  • Would anyone mind discussing root shell with me? -c* and -c*-a* do not seem to be executing simple commands.
  • PM me for help to get root shell

  • The moral of the story for getting user is prepare to spend time enumerating file contents after normal enumeration to find the next steps forward from unprivileged all the way to user.txt. Time to go for root and hopefully level up!

  • [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

    PM for help, happy to do so!

  • edited April 2019

    stuck at root.. pm with little hint is very appreciated :)
    Edit: got root.txt with a little help, but still don't understand some things. PM me is willing to discuss (also interessted in how to get shell, had a nearly working approach, but 1 bit was missing )
    Edit1: Managed to get root shell... still 1 thing remains a mistery to me.

  • edited April 2019

    Got root.txt , feel free to message for help

  • got the credentials, but where do I use them, I've tried to use dirbuster to get to another webpage for a possible portal login, can't find it, also I've noticed that SSH ports are closed? Any pointers please.

  • I really wanna get this done before it gets taken down. Im on the RCE part and just getting syntax errors. Im sure its something minor. Anyone mind PM me for a hint?

    veepn

  • Did anyone get the wild technique working on this? Really interested to know if it works on this machine. If I manually run the command it will work but the script which dumps the file doesn't seem to be using the flags?? I cant seem to find the file or job that runs automagically.

    blacksh33p
    OSCP | CEH | CCNA Security and R&S | Sec+ | MCSE

  • got shell, already found how im gonna get root, but just cant find how to logon to user g**** i would appreciate some help!

  • Type your comment> @w41l3r said:

    got shell, already found how im gonna get root, but just cant find how to logon to user g**** i would appreciate some help!

    Pm me I'll help you....

  • i got username G******* and incomplete password T*******. but bruteforcing the page /mo*/lo.php doesnt seem to work

  • I got shell, and have been enumerating the m***** folder for the md5 im suppose to be looking for. I must be blind or just sleepy cause im not seeing it. Can someone pm me?

    veepn

  • Hello

    Any suggestion to find the user and pass of m*d**

    Greetings

  • edited April 2019

    Let me clear some things up about the initial part that a lot of people label as CTFish. The message I’m trying to broadcast is to always approach a website with your console open. I came up with the idea because of an assessment I did for a client of the company I work for, and managed to find a nice xss. I wouldn’t have found it if I didn’t observe the console thoroughly.

  • Type your comment> @Gioo said:
    > Let me clear some things up about the initial part that a lot of people label as CTFish. The message I’m trying to broadcast is to always approach a website with your console open. I came up with the idea because of an assessment I did for a client of the company I work for, and managed to find a nice xss. I wouldn’t have found it if I didn’t observe the console thoroughly.

    Thnks @Gioo for awsome and easy box learn about symbolic link 😇😇😇
  • I was on the last step as it reset. Learned alot from this box. Thanks @Gioo

    veepn

Sign In to comment.