Writeup

@jimmie4 said:

Can I get some assistance with root please? I’ve been struggling for 6 hours.

What is the first thing we see when we ssh into the server? What process is responsible for that? Monitor the PATH. Google about path priorities! The rest will be smooth as a sbin

@illuminatiguy I understand what I have to do but I just can’t get it to work

@jimmie4 said:

@illuminatiguy I understand what I have to do but I just can’t get it to work

What have you tried till now? Do you have a directory with write access?

@illuminatiguy I try dropping a reverse shell but it either doesn’t work or when netcat picks it up it freezes

@jimmie4 said:

@illuminatiguy I try dropping a reverse shell but it either doesn’t work or when netcat picks it up it freezes

Try metasploit!! Always works

Got root!!
Thanks to @DaChef for the nudge on root!!

Danke @jkr cool box

I am not sure if I am using the right exploit for getting past the /w**p/an. I definitely hit a wall. I need a serious hint.

Could I get a pointer for root please? I’m pretty sure I know what I’m supposed to be looking at but not sure how to exploit…

@jkr that pass seems handpicked

Love it love it love it! Got tons of new knowledge about Linux perms. Thank you @jkr!

User: you really don’t need dirb, all the useful info you could find directly on the page.
Root: sit calm and enum yourself as user, what are you and what can you do in the system. Then you may look at the running colored lines until it dawns on you.
P.S. PM me if stuck

Did someone crack with john/hashcat? Would like to hear about that.

@SpaceMoehre I used hashcat to crack; the other way was taking too long.

This was a fun box! I liked user, and priv esc was good; I learnt a few things. I got the flag first but my shell wouldn’t work for ages :lol:

@amk2 said:

@mrajput7 said:

I can’t find credentials using the exploit as the server stops responding due to the DOS script implemented in it. Any nudges or help, please?

Be sure to include the directory /w****** in the exploit.

I’m sure I need to be publicly shamed for whatever I’m missing, but I’m pretty sure I’ve got it pointed at the right spot, and stopped getting dropped by the server… but I’m getting blank returns? o_0

EDIT: Yeah, looks like I had the TIME value jacked up. Agreed that the output is pretty but I could have used some more comments in the script XD

Guys, any hints for the snake TIME(ing)? Does it represent milliseconds, seconds, minutes??? I’m stuck on this somehow, I have been trying small numbers, big numbers, numbers separated with “:” yet it blocks me out for some time.

@anonymous187 said:

Guys, any hints for the snake TIME(ing)? Does it represent milliseconds, seconds, minutes???

I had the same issue, I suggest looking at the script and seeing how the variable is used to inform your choice.

Rooted. Despite its easy rating this was quite tough.

My two cents for root: Don’t focus too much on what’s running in the /ro** directory. That stuff is relevant, but not as relevant as something else that runs.

Also pay attention to unusual directory permissions.

PM me for hints, though it takes me a while to respond

Rooted!

Loved the box! Thank you, @jkr
New skills learnt! Happy me!

Thanks to @illuminatiguy and @Silv3rDawg23 for the help!

Happy to assist anyone too :slight_smile:

Hi guys,

I would like some help, I’m stuck on root.

I have found two dirs where files are created after logging in.

But I’m not sure if this is the right track and what I can do with it. A bit of direction would help me further.