Awesome machine, had a lot of fun even tho I felt frustrated sometimes. Thanks to @ZerkerEOD@kr0gh@xdaem00n and @r4w47 for the tips. I want to share some tips so people don’t struggle as much as I did :
The website gives you creds so log into the secure service
Once you’re there ask for help so you know what you can do. Don’t focus only on this service since the secure service interacts directly with the web service (Don’t forget your punctuation )
Retrieve interesting files, specially one with a strange extension
Tunnel time (There are a lot of resources out there about this topic)
Log in and read the code of all the files. Inspect the grayed out element and make some changes, upload your file and get a shell.
Root time. This is the hardest part yet the best. You’ll see that you can run some commands as privileged user. Google it and don’t overthink it.
Have fun (If you think this post has spoilers feel free to report it)
Yes, it was long and hard trip for root.
I did not make the last step correctly and checked up for many hours my environment.
Read a lot about Linux repo structure and files, a lot of theory and details.
I would prefer not to learn of course so deep but you do not know which small step is necessary to pass the challenge. And I praise myself that I did the last small step by myself.
And many thanks and big respect to all hackers on the forum for all hints and recommendations.
And hats off to those pioneers who could pass this box on the first try.
a-g up**** starts asking me questions if I try to pass -o, and it seems to ignore A**_*****G despite what the documentation claims. I know what needs doing, just shaving yaks at this point, PM me if you’re feeling generous and want to drop me a hint.
I am completely lost on this one! I have SFTP access… i can “proxy commands” using a SFTP flag but i can’t figure out how to tunnel correctly since i can’t get direct ssh connection!
I’ve even tried a tool i’ve used before, ch**el which helps with tunneling, and i was able to get it working, the client connects to my server but still cannot access the high port :-/
I have finally rooted it. What a box, epic, terrible, painfull, long, wonderfull… Thank to @bullsonparade , @m4xp0wer, @sv1 for their valuable hints and support.
Looking for a nudge on a**-g** vector. Also, I think I blew by user flag =/
I’m working with the shell after plugin upload. Any help would be greatly appreciated.
PS: i linked /etcTill now i have the SFTP creds, and i am able to upload files and view it in the browser. Also I have tried linking a few files and accessing it. Succeded. But now i am kinda lost. I don’t know what EXACTLY i should do./passwd to see the list of all users.
Stuck on the final step, aka root via -***. Please DM me with details, feel like I am just banging my head against the wall and thinking just the syntax is the problem