I am having a very hard time figuring out root. Have been messing with it for the past couple days. I’ve managed to spot some processes that are of interest but I just cannot figure out to make them work towards my advantage. Any nudges will probably help. Losing my mind!
got the user flag and am now stuck at root. I see writable directories, looked at what binaries ran but can’t find a way to replace one or “jump the queue”. Any tips?
Can anyone help me a bit with root? I read the comments and I understand the priority of the PATH. I also got p**y running and see the tasks but can’t get an escalation…
I have a remote connection to the file system but it keeps crashing, is this due to someone exploiting the thing I’m currently trying to figure out to get root?
Ok, I have a question. I rooted the machine, but it would be impossible for me without reading this topic. How you guys come up with the idea like “oh, lets take a look at p*****s and then take a look at $P and so on to get root”?
USER OK, but root… impossible… I can not find any exploit for it, not for M****, not for 2, is my first machine, everyone say “It’s easy”, but I really dont think so… After many hours I m a litte bit… desperate, what to do with C* or with the rest of the proccess? Who knows…
User - Find the webpage by using our mechanic friend and then find the relative exploit, personally I never messed with the time variable and for cracking the salt/hash I saw a useful hint on here that stated use a ‘famous kali word list’ and I can confirm it works.
Using the creds you harvest? How did you find out the box had a webpage?
Root - Get a tool that shows background processes and watch. If you’re on VIP, generate traffic yourself, public? Just sit and watch.
After that, find out what root is doing upon traffic being generated and try exploit that.
And for the love of god please if you put root.txt in /tmp fucking remove it after you’ve copied the flag!!!
Oh man. I just spent so much time trying to crack the password with hashcat before taking a second look at the exploit script. facepalm Anyways, finally got user. Now on to root.
user - is relatively simple machine wappalyzer will help you out on getting what is running on the website so you can attack it, but remember sometimes credentials are used somewhere else.
root - there is a place where you can write that you shouldn’t be able to, that’s what will get you root, just use some enumeration scripts to find out where.