Writeup

elcapitan17> @xdaem00n said:

Type your comment> @Tugzen said:

hi guys,I canā€™t find anything specific when I monitor via pspy.Just cron runs and thatā€™s it.What am I missing,any nudge please

Try to wait a few moments while it runs and then connect to SSH again with a terminal session and then examine what pops up in pspy

Thanks

Would be very appreciated if someone could give me a hint about the output from pspy. Everything Iā€™ve tried so far I canā€™t touch without root. (: Msg me

privesc is killing me! Iā€™ve used tool mentioned in her to view root processesā€¦ used the specific service to generate processes for that toolā€¦ iā€™ve looked into each command picked up by the tool to see if i can alter anythingā€¦ Iā€™ve altered PATH hoping to affect one of the commands that are not using absolute pathā€¦ iā€™m pretty defeated at this pointā€¦ some1 please helpā€¦ ive been stuck on this for days

Fun box, learned a lot!

Thanks everyone for the hints on here, really helped me along.

Root was a bit of a pain even after I saw what I was overlooking, but not too bad.

Rooted thank to @BINtendo

Hint for root:
TSp0KiAKd2hhdCBjYW4geW91IHJlYWQKV2hhdCBjYW4geW91IHdyaXRlIApEaXJlY3QgcGF0aD8KSW4qZSp0IGEqYXkgeFA

Type your comment> @thePtrPn said:

Rooted thank to @BINtendo

Hint for root:
TSp0KiAKd2hhdCBjYW4geW91IHJlYWQKV2hhdCBjYW4geW91IHdyaXRlIApEaXJlY3QgcGF0aD8KSW4qZSp0IGEqYXkgeFA

Thanks for the advice, will try to use it :smiley:

I believe this is the only sploit that has TIME. i played on it use the magic number i got when nmapping but it goes superfast ang got refused. Insert some sleeps to throttle down but didnot help me. Can someone dm me or someone offer that i can dm them?

Guys iā€™m stuck with user flag! I know that i have to enum/spider the host but unfortunately i canā€™t use dirb as we know so i tried with burp buuttt burp suite 2.x 's spider seems to not work anymore :frowning: Any tip?

The first step is guessing a directory, the box name hints this as does some of the text on the index page. From here you should be able to make some progress (again without dirb).

Type your comment> @DAAAALY said:

The first step is guessing a directory, the box name hints this as does some of the text on the index page. From here you should be able to make some progress (again without dirb).

Oh wait yes i found that directory! Whatā€™s next? :frowning: Should i work with the request?

Guys, I am stuck at root part. I have done my enumeration with pspy but no luck. Tried to change path but no luck. Kindly help me for root. Please PM me

Managed to get the cred. Now using hā€¦t, will i be able to obtain the required cred using a kali virtualbox? Im not sure because it says 100% but it loopsā€¦ :confused:

Type your comment> @83114C140 said:

Type your comment> @DAAAALY said:

The first step is guessing a directory, the box name hints this as does some of the text on the index page. From here you should be able to make some progress (again without dirb).

Oh wait yes i found that directory! Whatā€™s next? :frowning: Should i work with the request?

It says itā€™s not made with VI, maybe itā€™s using something to manage the pagesā€¦ dig around.

Hey guys,
Stuck with root since 3 days, I believe I am so close to get it, but I miss something.
Ran pspy and noticed the odds, the permissions, but stuck with manipulating things.

I appreciate a nudge here.

Hey guys, Im also stuck on privilege scalation. I got user flag, found write permissions on some interesting directorys, i tryed to take advantage of it but failed to change path of f*******-s*****

I appreciate some help

Same here stuck on root, see the processes but cant manipulate anythingā€¦ as far as i know. Anyone with a hint would really be helpful, this is only my 3rd box and still learning along the way.

finally got root! Thanks to @DAAAALY helpful nudge

salt: 5ā€¦7
mpass: 6ā€¦7

is this correct?

pwned user. now onto root. :sweat_smile:

Got the salt and pass, unsure how to proceed with these? Trying to brute force with hashcat but looks like itā€™s going to take a whileā€¦ Iā€™m assuming there has to be a better way? Please DM if you can offer a hint.

Type your comment> @east said:

Got the salt and pass, unsure how to proceed with these? Trying to brute force with hashcat but looks like itā€™s going to take a whileā€¦ Iā€™m assuming there has to be a better way? Please DM if you can offer a hint.

You are correct to use that tool. What will matter next is the attack and hash you will use. Dont forget the ā€œstoneā€ cause the pass is there