Nice Box !
User : Nice privesc w*******a to user.
root : Hard for me, I was in the good way but I lost timeā¦ Enumerate
I learn a lots for the root
thx for this box
DM me if you need
Nice Box !
User : Nice privesc w*******a to user.
root : Hard for me, I was in the good way but I lost timeā¦ Enumerate
I learn a lots for the root
thx for this box
DM me if you need
After digging myself into a hole, I got user and root in quick succession.
I definately learned alot about linux service management on this one. Kudos to the box creators, it was fun
Taught me something new, thanks so much for the box manulqwerty and Ghostpp7 \m/
Thanks to @albertojoser for tips that pointed me in the right direction and got me unstuck.
I didnāt get banned despite all my efforts - so still not sure what would trigger that?
For root - comment by @rub1ks (my thanks) pretty much tells you how.
rooted. had to restart it, because I couldnāt get a stable shell which - in my case - is a must to root this machine.
Rooted, if anyone needs help, DM me
I didnāt get banned despite all my efforts - so still not sure what would trigger that?
I wonāt post the exact specifics, but from looking at the code it appears that you have to make X number of requests which are flagged within Y seconds. If that happens, youāll get a 90 second ban.
Basically, a targeted attack is more likely to work than having an automated tool send a bunch of random probes which is likely to trigger the ban.
@ad1337 said:
rooted. had to restart it, because I couldnāt get a stable shell which - in my case - is a must to root this machine.
Depending what point youāre at in the process, you can potentially also echo a key into authorized_hosts at which point you can just ssh in.
any nudge for initial foothold would be appreciated.
Hint for foothold:
Scope out the entire hotel, donāt forget to check every āroomā
Wow, Jarvis is fun, but I canāt make much progress. The server is getting beaten too badly by people. Crawls, then gets reset, crawls, reset, etc. Guess I can wait until things calm down. Or go VIP again. Iām not going to spoil anything, but hereās a tip. If you look up Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation, you might just learn something, about yourself no not really, more about shells.
This was a good oneā¦ Learnt alotā¦ Can PM me for help if you want
checked each one of them, but still stuck
this hurts meā¦ can some one give me a nudge pls. btw am at the beginning after decoding
Rooted! Fun box, and learned a ton, especially during root.
Thanks to all who helped.
I found s*****r.py and got stuck. Please give me a hint to solve the user(PM).
Rooted. Took longer than expected with work days lasting so long recently. Only worked on the box ~20-30 minutes at a time. Still, smooth and simple and Iām thankful for a break from some of these head banging machines.
Props to @manulqwerty and @Ghostpp7 for rolling out a box that can teach a lot for people just getting into this stuff, while also keeping it concise enough that you donāt tread too far away from the final objective. Kudos.
There are some really great hints already here in the forum too. If you find yourself really struggling after too much ātry harder-[ing]ā, then feel free to reach out if you need help, as well.
learned from this box, google is your friend b**h command substitution
Rooted. Fun and simple.
Hints:
Feel free to PM if youāre stuck