Writeup

hi guys,I can’t find anything specific when I monitor via pspy.Just cron runs and that’s it.What am I missing,any nudge please

root: with what extension is this process? .py .sh?
how often does it work?

I can see that under pspy,it runs a script called 1*-u**me.But both file and path owned by root,doesn’t let edit or create other file.Am I in a rabbithole or no?

WOW I am an idiot. I won’t lie it’s taken me days to get root on this box because I was looking in so many different places. When I finally worked out what to do I tried all manner of different methods but none would persist or give me what I needed!

Hint for ROOT: Once you work out what you need to do and where the simplest most basic scripts are often the most elegant.

Can some pro hold this noobs hand over direct message? Pretty sure I am close to root - just cant manage.

Type your comment> @Tugzen said:

hi guys,I can’t find anything specific when I monitor via pspy.Just cron runs and that’s it.What am I missing,any nudge please

Try to wait a few moments while it runs and then connect to SSH again with a terminal session and then examine what pops up in pspy

elcapitan17> @xdaem00n said:

Type your comment> @Tugzen said:

hi guys,I can’t find anything specific when I monitor via pspy.Just cron runs and that’s it.What am I missing,any nudge please

Try to wait a few moments while it runs and then connect to SSH again with a terminal session and then examine what pops up in pspy

Thanks

Would be very appreciated if someone could give me a hint about the output from pspy. Everything I’ve tried so far I can’t touch without root. (: Msg me

privesc is killing me! I’ve used tool mentioned in her to view root processes… used the specific service to generate processes for that tool… i’ve looked into each command picked up by the tool to see if i can alter anything… I’ve altered PATH hoping to affect one of the commands that are not using absolute path… i’m pretty defeated at this point… some1 please help… ive been stuck on this for days

Fun box, learned a lot!

Thanks everyone for the hints on here, really helped me along.

Root was a bit of a pain even after I saw what I was overlooking, but not too bad.

Rooted thank to @BINtendo

Hint for root:
TSp0KiAKd2hhdCBjYW4geW91IHJlYWQKV2hhdCBjYW4geW91IHdyaXRlIApEaXJlY3QgcGF0aD8KSW4qZSp0IGEqYXkgeFA

Type your comment> @thePtrPn said:

Rooted thank to @BINtendo

Hint for root:
TSp0KiAKd2hhdCBjYW4geW91IHJlYWQKV2hhdCBjYW4geW91IHdyaXRlIApEaXJlY3QgcGF0aD8KSW4qZSp0IGEqYXkgeFA

Thanks for the advice, will try to use it :smiley:

I believe this is the only sploit that has TIME. i played on it use the magic number i got when nmapping but it goes superfast ang got refused. Insert some sleeps to throttle down but didnot help me. Can someone dm me or someone offer that i can dm them?

Guys i’m stuck with user flag! I know that i have to enum/spider the host but unfortunately i can’t use dirb as we know so i tried with burp buuttt burp suite 2.x 's spider seems to not work anymore :frowning: Any tip?

The first step is guessing a directory, the box name hints this as does some of the text on the index page. From here you should be able to make some progress (again without dirb).

Type your comment> @DAAAALY said:

The first step is guessing a directory, the box name hints this as does some of the text on the index page. From here you should be able to make some progress (again without dirb).

Oh wait yes i found that directory! What’s next? :frowning: Should i work with the request?

Guys, I am stuck at root part. I have done my enumeration with pspy but no luck. Tried to change path but no luck. Kindly help me for root. Please PM me

Managed to get the cred. Now using h…t, will i be able to obtain the required cred using a kali virtualbox? Im not sure because it says 100% but it loops… :confused:

Type your comment> @83114C140 said:

Type your comment> @DAAAALY said:

The first step is guessing a directory, the box name hints this as does some of the text on the index page. From here you should be able to make some progress (again without dirb).

Oh wait yes i found that directory! What’s next? :frowning: Should i work with the request?

It says it’s not made with VI, maybe it’s using something to manage the pages… dig around.

Hey guys,
Stuck with root since 3 days, I believe I am so close to get it, but I miss something.
Ran pspy and noticed the odds, the permissions, but stuck with manipulating things.

I appreciate a nudge here.