Writeup

PM if there is anyone who root or user other than obvious way, I would like to know other ways.

Just got the user.txt now time to find the root one :slight_smile:
Thanks to all clues display here, this help !

rooted. i used way to long to get that last bit. hahaha

So I am having a hard time tailoring the exploit used to get to user.txt… I am getting back

print “[+] Specify an url target”
^
SyntaxError: Missing parentheses in call to ‘print’. Did you mean print(“[+] Specify an url target”)?

Obviously, the exploit won’t work out of the box and I didn’t expect it to but I’m not sure how I can change it or what parameters its looking for cause I looked inside at the code and I thought I was modeling the command correctly. Can someone PM me and point me in the correct direction for this please?

Edit: Okay, so I read in the comments here that I should be using python2 rather than 3… Okkay, but I still get an error when importing modules

found the PATH and the executable10, would appreciate a nudge

Can someone please help me with a nudge with the exploit…having a hard time getting it to run without error or connection closing

I am trying to get a root shell using this guide, am I in a wrong direction?

@garnettk said:

I am trying to get a root shell using this guide, am I in a wrong direction?
Privilege Escalation via Python Library Hijacking | rastating.github.io
I think so - there seems to be a much easier way but I am also failing to get a grip on it. Using P***

Rooted ! What a fun box !

Got it - finally. Was messing around with too many things and forgot to focus on the essential. But learned a lot.

This is one of the first boxes I’ve attempted to hit. Like the tools I’m learning with it, and think I’m on the right track with the exploit I’m using for user. Could someone point me in the right direction on the variable that needs to be changed? Feels like I can only make one change that shows a difference in the console, but still outputting a bunch of 1’s

@sh13ld Thanks for the boost, finally got root.

Common guys, i have been on this box for a pretty long time. Days actually. I see the scripts running, i just dont know what to do with them.

i am stuck at CMS part i have the login page but stuck how to get creds help me with that

@sh13ld said:
Who need help with writeup machine, PM me

check pm

i uploaded a reverse shell executable to a certain PATH, after running the pspy script, then i got a reverse meterpreter session for 2 seconds and it died. Consequent attempts did not give me a shell and resulted in failures as well.

OMFG!!! I spent days down many rabbit holes (not proud of)… Just a hint: it’s much easier than you think. :wink:

Finally rooted.
Was on the right path but using a binary that was not even there. :smiley:
Thanks @CrystalSage for that nudge.

Advice for root: Dont think too much. Follow what the forum is saying and choose the right PATH. If you choose it you will find some silly permissions, use them to hijack something.

Finally Rooted! Thanks for all your help guys!. PM if need help.

Completely lost…

Can you guys tell me if the file c*****p.pl matters to get root?