Writeup

Love it love it love it! Got tons of new knowledge about Linux perms. Thank you @jkr!

User: you really don’t need dirb; all the useful info can be found directly on the page.
Root: sit calm and enumerate yourself as the user: what are you and what can you do in the system? Then you may look at the running colored lines until it dawns on you.
P.S. PM me if stuck

Did anyone crack it with john/hashcat? Would like to hear about that.

@SpaceMoehre I used hashcat to crack; the other way was taking too long.

This was a fun box! I liked user, and priv esc was good; I learnt a few things. I got the flag first but my shell wouldn’t work for ages :lol:

@amk2 said:

@mrajput7 said:

I can’t find credentials using the exploit as the server stops responding due to the DOS script implemented in it. Any nudges or help, please?

Be sure to include the directory /w****** in the exploit.

I’m sure I need to be publicly shamed for whatever I’m missing, but I’m pretty sure I’ve got it pointed at the right spot, and stopped getting dropped by the server… but I’m getting blank returns? o_0

EDIT: Yeah, looks like I had the TIME value jacked up. Agreed that the output is pretty but I could have used some more comments in the script XD

Guys, any hints for the snake TIME(ing)? Does it represent milliseconds, seconds, minutes??? I’m stuck on this somehow. I have been trying small numbers, big numbers, numbers separated with “:”, yet it blocks me out for some time.

@anonymous187 said:

Guys, any hints for the snake TIME(ing)? Does it represent milliseconds, seconds, minutes???

I had the same issue, I suggest looking at the script and seeing how the variable is used to inform your choice.

Rooted. Despite its easy rating this was quite tough.

My two cents for root: Don’t focus too much on what’s running in the /ro** directory. That stuff is relevant, but not as relevant as something else that runs.

Also pay attention to unusual directory permissions.

PM me for hints, though it takes me a while to respond

Rooted!

Loved the box! Thank you, @jkr
New skills learnt! Happy me!

Thanks to @illuminatiguy and @Silv3rDawg23 for the help!

Happy to assist anyone too :slight_smile:

Hi guys,

I would like some help, I’m stuck on root.

I have found two dirs where files are created after logging in.

But I’m not sure if this is the right track and what I can do with it. A bit of direction would help me further.

@MarcelBC said:

Hi guys,

I would like some help, I’m stuck on root.

I have found two dirs where files are created after logging in.

But I’m not sure if this is the right track and what I can do with it. A bit of direction would help me further.

trace, what greets you when you log in

Edit: Got it. Thanks @bompie.

I’m working on user. I’m sure I’ve taken the right exploit, but I always get the same response: the server has closed the connection.
I’ve tried different values for TIME but nothing seems to work. Only one time I got an 8-digit alphanumeric string, but then that error appeared again.
What have I missed?

Hey bud, I’m on Writeup and I’m trying to change the c*****b.d to make a reverse ROOT shell from its autorun props running in root giving me a root shell… but I can’t edit the files. Am I on the right track?

@securekomodo said:

Just rooted. Took a while and went down 2 rabbit holes but found a way out.

Some tips:
Monitor/snoop processes and perform standard enumerations
Sort by which processes are running as root
What commandlines are they using? When do they occur? Are they called with absolute or relative paths?
What permissions do you have to the paths which you discovered?
How can you manipulate it to do what you want?

This should get you on your way :slight_smile:

^^ Keep saying it over and over again - READ THE DISCUSSION BEFORE attempting to hack the server. If only I’d found this comment 3 hours ago :slight_smile:

Thank you very much dude! Respect!

PM me if you need help with either user or root. Even though it is not exactly a difficult box, you can easily end up in a rabbit hole, which is annoying…
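
An administrator-side version of the checks in the tips quoted above (which directories a privileged process searches for a bare command name, and who can write to them), as an added example that is not from any poster in this thread. The function names and the `trusted_uids` parameter are assumptions made for illustration.

```python
import os
import stat


def audit_path_dirs(path_value, trusted_uids=(0,)):
    """Return (directory, reason) pairs for PATH entries that let an
    untrusted account decide which binary a privileged process runs."""
    findings = []
    for entry in path_value.split(os.pathsep):
        # Empty or relative entries resolve against the caller's cwd.
        if not entry or not os.path.isabs(entry):
            findings.append((entry or ".", "relative or empty entry"))
            continue
        try:
            st = os.stat(entry)
        except FileNotFoundError:
            findings.append((entry, "does not exist"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((entry, "not a directory"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((entry, "owned by uid %d" % st.st_uid))
        if st.st_mode & stat.S_IWGRP:
            # Review who is a member of this group.
            findings.append((entry, "group-writable (gid %d)" % st.st_gid))
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
    return findings


def shadowable(command, path_value, trusted_uids=(0,)):
    """Flagged directories that are searched before the directory that
    currently provides `command` when it is invoked by bare name."""
    flagged = {d for d, _ in audit_path_dirs(path_value, trusted_uids)}
    earlier = []
    for entry in path_value.split(os.pathsep):
        candidate = os.path.join(entry, command)
        if (os.path.isabs(entry) and os.path.isfile(candidate)
                and os.stat(candidate).st_mode & 0o111):
            break  # the legitimate binary is found here; later dirs are moot
        if (entry or ".") in flagged:
            earlier.append(entry or ".")
    return earlier


if __name__ == "__main__":
    for directory, reason in audit_path_dirs(os.environ.get("PATH", "")):
        print("%s: %s" % (directory, reason))
```

Run it against the PATH that the privileged job actually receives (cron, PAM and login scripts may set their own), not only the interactive one; any result from `shadowable` is fixed by tightening the directory mode or by calling the command with an absolute path.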

@dividebyzer0 said:

Ubj nobhg lbh chg va gur rssbeg naq QB VG LBHEFRYS lbh ynml cvrpr bs fuvg?

Best comment ever :3
I needed a laugh today, thank you.

Just got user.txt
My hint for those who are stuck on the TIME parameter: carefully read the writeup which is not finished. It’s right in front of you.

Am I the only one who didn’t use time ■■■■ for user gain?

And could someone give hints for root priv please? Could I do it by exploiting c*** ??? Thanks

@SkoN said:

Am I the only one who didn’t use time ■■■■ for user gain?

I didn’t need to play with it either.