Teacher

Can anyone give me a nudge on getting a shell when ROOT?

I’ve got root.txt - just trying to see how I can get the RCE part.

Got root, it’s a nice box starts to feel a lot more logical after the initial foothold has been gained. Feel free to PM me for hints.

if u need any help let me know via pms, will give hints

Would anyone mind discussing root shell with me? -c* and -c*-a* do not seem to be executing simple commands.

PM me for help to get root shell

The moral of the story for getting user is prepare to spend time enumerating file contents after normal enumeration to find the next steps forward from unprivileged all the way to user.txt. Time to go for root and hopefully level up!

root@teacher:~# id
uid=0(root) gid=0(root) groups=0(root)

PM for help, happy to do so!

stuck at root… pm with little hint is very appreciated :slight_smile:
Edit: got root.txt with a little help, but still don’t understand some things. PM me is willing to discuss (also interessted in how to get shell, had a nearly working approach, but 1 bit was missing )
Edit1: Managed to get root shell… still 1 thing remains a mistery to me.

Got root.txt , feel free to message for help

got the credentials, but where do I use them, I’ve tried to use dirbuster to get to another webpage for a possible portal login, can’t find it, also I’ve noticed that SSH ports are closed? Any pointers please.

I really wanna get this done before it gets taken down. Im on the RCE part and just getting syntax errors. Im sure its something minor. Anyone mind PM me for a hint?

Did anyone get the wild technique working on this? Really interested to know if it works on this machine. If I manually run the command it will work but the script which dumps the file doesn’t seem to be using the flags?? I cant seem to find the file or job that runs automagically.

got shell, already found how im gonna get root, but just cant find how to logon to user g**** i would appreciate some help!

Type your comment> @w41l3r said:

got shell, already found how im gonna get root, but just cant find how to logon to user g**** i would appreciate some help!

Pm me I’ll help you…

i got username G******* and incomplete password T*******. but bruteforcing the page /mo***/lo**.php doesnt seem to work

I got shell, and have been enumerating the m***** folder for the md5 im suppose to be looking for. I must be blind or just sleepy cause im not seeing it. Can someone pm me?

Hello

Any suggestion to find the user and pass of m*d**

Greetings

Let me clear some things up about the initial part that a lot of people label as CTFish. The message I’m trying to broadcast is to always approach a website with your console open. I came up with the idea because of an assessment I did for a client of the company I work for, and managed to find a nice xss. I wouldn’t have found it if I didn’t observe the console thoroughly.

Type your comment> @Gioo said:

Let me clear some things up about the initial part that a lot of people label as CTFish. The message I’m trying to broadcast is to always approach a website with your console open. I came up with the idea because of an assessment I did for a client of the company I work for, and managed to find a nice xss. I wouldn’t have found it if I didn’t observe the console thoroughly.

Thnks @Gioo for awsome and easy box learn about symbolic link ???

I was on the last step as it reset. Learned alot from this box. Thanks @Gioo