Writeup

Rooted! Easy box. Thanks @jkr

got root…pm for hint…

Rooted!
Thanks @jkr for a very fun box!

@emmycat said:

@dividebyzer0 said:

Ubj nobhg lbh chg va gur rssbeg naq QB VG LBHEFRYS lbh ynml cvrpr bs fuvg?

Best comment ever :3
I needed a laugh today, thank you.

Brilliant xD

@1uffyD9 said:

@acidbat said:

 @1uffyD9 said:
 > @acidbat said:
 > > Hi everyone,
 > > I’m very stuck on user...
 > > 
 > > Been reading the posts here and trying to figure out the hints...
 > > 
 > > I found the authentication page in /wr**u/a***n
 > > And thought, ok this I could logon to using metasploit (as in locating the creds)
 > > But no success (I used the common wordlists with kali)
 > > 
 > > I also found the exploit for the certain app being used for the site (well it looks like the exploit that everyone is referring to) but looking at the code it seems I need to get some more info from the site to add to the code.
 > > That info I think is part of getting access to the site mentioned at the start of my comment.
 > > 
 > > So any hint/nudge for me to get user?
 > > Am I on the right track?
 > 
 > Did you run the script without any arguments?? What does it say??

 Was actually the wrong exploit.
 Think I got the correct one now, and now I get the TIMED hints. ?

 Back to trial and errors :)

You’ll get that… :smiley: :smiley: um sure… keep trying … heheee :smiley:

Sigh, banging my head on the TIMED…
Doesn’t matter what I enter it goes speedy fast and server will close connection.

Trying to understand the hints, looking at source page, inspecting but I must be very blind…

Any nudge(s) x2-3?

Thanks to a post from @BashShabakate0 I finally saw the thing I’d been pspy’ing for. I really enjoyed this box, especially for the linux priv esc practice.

Root was easy but nice

Very nice box and really interesting exploit :slight_smile:

@thegingerninja said:

Thanks to a post from @BashShabakate0 I finally saw the thing I’d been pspy’ing for. I really enjoyed this box, especially for the linux priv esc practice.

welcome :slight_smile:

Can someone pls give me a nudge on how to get root. Got p*** running and see a potential thingy but don’t know how to advance…
Help would be appreciated!

@Center said:

Can someone pls give me a nudge on how to get root. Got p*** running and see a potential thingy but don’t know how to advance…
Help would be appreciated!

you should hijack some script
maybe run p*** and re-login from another tab will be a good idea
and watching of course

Managed to get root flag, would however like to get a root shell but not sure how, tried several ideas but all failed. Any ideas?

Rooted finally, nice machine and interesting exploits both user and root.
Thanks to @BashShabakate0 for driving me in the correct way to get user access.

Stuck on user still, not sure if I’m going down a rabbit hole, found w******/an, tried using burp, idk if ap_get_bic_a**_pw() is supposed to be used, or even how to use it. Anyone able to help?

Stuck on root forever. Guess I’m thinking about it way too hard

@Rexzyy said:

Stuck on root forever. Guess I’m thinking about it way too hard

Since everyone knows you have to use pspy64 here, I’d suggest looking only at root processes… you can simply save them to a file, grep UID=0 and leave only unique ones. Then just carefully examine each one of them over and over.

Stuck on root. I already ran p**y and I think I know what to do but it’s not working. Could someone pm me a nudge? Thanks!

Edit: Rooted, not as easy as everyone says just keep looking into what is writeable.

Finally rooted. Thanks @marine for the hint. Feel free to PM for hints!

I have the cms name, just don’t know how to proceed from there. Tried 2 exploits on the cms and nothing happened.

@AjackX said:

Stuck on root. I already ran p**y and I think I know what to do but it’s not working. Could someone pm me a nudge? Thanks!

same here someone please help