Is it just me or is there something wrong with the exploit?? I understand what I have to upload and my script to the .o** is correct, but every time I execute it, I get nothing?? Is there another attack path or is this just a rabbit hole???
This machine is actually harder than i thought…
I cant really say much without spoiling it so yeah, here are some of my hints
Initial: Enumerate harder find what you should find, read it carefully and it could be the hint that you are looking for…
User: Do your usual enumeration when you see something, again read it carefully and think about it. It is one of the most common method of baiting through phishing . This part is rather realistic.
Rooted! And had a great time with it, too. Pretty cool concept for a box
Here are some hints for user/root:
User
Make sure you pay attention to the service that is running on the higher port. There’s one in particular that you can abuse specifically. As was mentioned above, it is rather realistic and closely related to phishing tactics.
Root
Extract. Pay attention to what is relative. Afterwards, you can abuse a particular service to get the shell you want.
Rooted! And had a great time with it, too. Pretty cool concept for a box
Here are some hints for user/root:
User
Make sure you pay attention to the service that is running on the higher port. There’s one in particular that you can abuse specifically. As was mentioned above, it is rather realistic and closely related to phishing tactics.
Root
Extract. Pay attention to what is relative. Afterwards, you can abuse a service to act as who you want to be.
I did the machine and got root … but I don’t really understand your hints!!
I can find 2 open ports, am i missing a high end port ?
Refer to the “higher” port. Sorry, my description wasn’t as accurate as I could have made it. Two ports is correct.
Thanks, i need to look harder i guess as i found only one S** sh***
any luck ? …Even I have gotten as far as you may have!! I may have some idea tho how to proceed
Rooted! And had a great time with it, too. Pretty cool concept for a box
Here are some hints for user/root:
User
Make sure you pay attention to the service that is running on the higher port. There’s one in particular that you can abuse specifically. As was mentioned above, it is rather realistic and closely related to phishing tactics.
Root
Extract. Pay attention to what is relative. Afterwards, you can abuse a service to act as who you want to be.
I did the machine and got root … but I don’t really understand your hints!!
This box is lovely because there are several paths to root and there are many paths to discover that paths. We also have several possible directions that will not lead to result but still is interesting for learning.
I just started this box and I THINK I am on the right path to user. Does this have to do “making something unclear” and putting it on a higher port to run? Or is this a rabbit hole