Writeup

Guys, I am stuck at root part. I have done my enumeration with pspy but no luck. Tried to change path but no luck. Kindly help me for root. Please PM me

Managed to get the cred. Now using h…t, will i be able to obtain the required cred using a kali virtualbox? Im not sure because it says 100% but it loops… :confused:

Type your comment> @83114C140 said:

Type your comment> @DAAAALY said:

The first step is guessing a directory, the box name hints this as does some of the text on the index page. From here you should be able to make some progress (again without dirb).

Oh wait yes i found that directory! What’s next? :frowning: Should i work with the request?

It says it’s not made with VI, maybe it’s using something to manage the pages… dig around.

Hey guys,
Stuck with root since 3 days, I believe I am so close to get it, but I miss something.
Ran pspy and noticed the odds, the permissions, but stuck with manipulating things.

I appreciate a nudge here.

Hey guys, Im also stuck on privilege scalation. I got user flag, found write permissions on some interesting directorys, i tryed to take advantage of it but failed to change path of f*******-s*****

I appreciate some help

Same here stuck on root, see the processes but cant manipulate anything… as far as i know. Anyone with a hint would really be helpful, this is only my 3rd box and still learning along the way.

finally got root! Thanks to @DAAAALY helpful nudge

salt: 5…7
mpass: 6…7

is this correct?

pwned user. now onto root. :sweat_smile:

Got the salt and pass, unsure how to proceed with these? Trying to brute force with hashcat but looks like it’s going to take a while… I’m assuming there has to be a better way? Please DM if you can offer a hint.

Type your comment> @east said:

Got the salt and pass, unsure how to proceed with these? Trying to brute force with hashcat but looks like it’s going to take a while… I’m assuming there has to be a better way? Please DM if you can offer a hint.

You are correct to use that tool. What will matter next is the attack and hash you will use. Dont forget the “stone” cause the pass is there

@govsec said:

You are correct to use that tool. What will matter next is the attack and hash you will use. Dont forget the “stone” cause the pass is there

Thanks, I ended up doing it with the exploit itself and the queen song wordlist.

Now stuck on root. See the processes with pspy but don’t know what to do with them.

Finally got root! .Very nice machine…Especially for beginners like me.I learned to much things.Thank you for @squeakyzeeky and @Salsa for nudging me when I lost my way.And thank you for @jkr for creating this machine.

I enjoyed this one a lot. Getting user was pretty straightforward; getting root was a lot of fun!

Type your comment> @dividebyzer0 said:

Tell you what… if you can decrypt this, you’ll know what you need to do to root this box.

Ubj nobhg lbh chg va gur rssbeg naq QB VG LBHEFRYS lbh ynml cvrpr bs fuvg?

Once you decrypt it u will immediately do the rest :smiley:

Got Root!
Thanks @jkr for this machine. :smile:

PM for nudges if you are stuck…

PM me any nudges I’m having issues with permissions and trying to get root

Best box i’ve done so far! Tons to learn! Thanks @jkr

Just got root, can’t believe that worked! Think I stepped in every rabbit-hole there was. :smiley: In the end something was not a parameter where I thought it was.
This was a very valuable lesson and an excellent box! Thanks @iGotRoot for the nudge!

Type your comment> @EternalB1ue said:

Hint for root: When root takes something from a location user can control, bad things happen =D

Very useful hint !!!

Got root finally, thanks @odinshell for the nudges