Just rooted. Took a while and went down 2 rabbit holes but found a way out.
Some tips:
Monitor/snoop processes and perform standard enumerations
Sort by which processes are running as root
What commandlines are they using? When do they occur? Are they called with absolute or relative paths?
What permissions do you have to the paths which you discovered?
How can you manipulate it to do what you want?
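The questions in the tips above, asked from the administrator's side, as an added example that is not part of the original post: given command lines observed running as root and root's PATH, report every group- or world-writable directory that a command depends on. The function names, the `cleanup` helper and the directory layout are constructed for illustration.

```python
import os
import shlex
import tempfile

def loose_dir(path):
    """True if path is a directory that is group- or world-writable."""
    return os.path.isdir(path) and bool(os.stat(path).st_mode & 0o022)

def audit(root_cmdlines, path_value):
    """Return (cmdline, directory, reason) for root commands exposed to a loose directory."""
    findings = []
    dirs = [d for d in path_value.split(os.pathsep) if d]
    for line in root_cmdlines:
        argv = shlex.split(line)
        if not argv:
            continue
        prog = argv[0]
        if os.sep in prog:
            # Explicit path: only the directory holding the binary matters.
            parent = os.path.dirname(os.path.abspath(prog))
            if loose_dir(parent):
                findings.append((line, parent, "binary directory is writable"))
            continue
        # Bare name: every PATH entry searched before the real binary matters.
        for d in dirs:
            if loose_dir(d):
                findings.append((line, d, "writable PATH entry searched first"))
            if os.access(os.path.join(d, prog), os.X_OK):
                break
    return findings

def build_sample():
    """Constructed layout: one 0777 directory, one 0755 directory holding a tool."""
    base = tempfile.mkdtemp()
    loose, safe = os.path.join(base, "local_bin"), os.path.join(base, "bin")
    for d, mode in ((loose, 0o777), (safe, 0o755)):
        os.mkdir(d)
        os.chmod(d, mode)
    tool = os.path.join(safe, "cleanup")  # hypothetical root-run helper
    with open(tool, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(tool, 0o755)
    return loose, safe, tool

if __name__ == "__main__":
    loose, safe, tool = build_sample()
    for finding in audit(["cleanup --all", tool + " --all"], loose + os.pathsep + safe):
        print(finding)
```

Only the bare-name invocation is reported here; the same helper called by its absolute path from the 0755 directory is not.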
I’ve been working on this box for quite a while now and I don’t know if it’s just my lack of knowledge or if I’m just overlooking things. I’ve found the other directory but it’s just a bunch of writeups for different boxes. If someone could point me in the right direction I’d love you forever.
I think I found creds, but now I need some assistance with cracking the salted hash.
Fun box. Very realistic! Went down a rabbit hole on root. Was on the right track, like many others I bet, but was focusing on the wrong “stuff to look at”. Thanks to @Mab and @Meeryr
Not sure what I’m missing. I’ve gotten the password/salt and successfully decrypted it. Password makes sense, so I’m fairly certain I didn’t screw that part up. When I try to login to though, it doesn’t work. Anyone that’s gotten user have a moment to give me a prod?
Getting user was beautiful, and the first time I have used that particular type of flaw.
Root was fairly time consuming, as the particular instance I was on was very quiet. It’s much easier to spot if you’re in a busy server.
User: Try to find a common file in webservers, usually associated with privacy / security of the site. After that, if you did not find the exploit that was quoted by other people, it’s wise to check if your exploit search program is up to date.
Root: Monitor processes closely while generating traffic to the machine (if you are a VIP). Pay attention to the action that is triggered by this traffic.
Got my 20 points for this fantastic and realistic box. Thanks @jkr for the work <3
User part is quite easy with the right exploit. A very handy Firefox extension was mentioned that helped me to enumerate the needed information.
Root part was extremely tricky for me. I fell into so many rabbit holes. But thanks to the hint from @1NC39T10N I was able to get back on track. His/Her nudge is very handy if you are on a VIP box.
@1NC39T10N said:
Root is tricky to find if others are not on the box IMO. Use the tool already mentioned
to monitor processes, but generate traffic to the box while this is running using the VERY
last step needed to get user. Observe the process, and consider how to leverage.
A very big shoutout to @Almadjus who helped me when I was completely stuck in the rabbit holes and reminded me to double-check things.
Many Thanks Mab for your support!
Is there another way of rooting other than the one described here? I found it CTF-like, how the first one linked the monitoring processes and the trigger!