Ufff, finally rooted. For me as a Linux guy this was a very tough box. But a very realistic one and I had a lot of fun…
Special kudos to the following people who helped me a lot in understanding this box: @dsavitski @gokuKaioKen @CHUCHO and @m4xp0wer THX!!!
My hints:
USER
- read a lot and use some “basic” skills…
- use a “simple” way to write a webservice
ROOT
- keep your webservice open… it could help you somehow
- as mentioned before in the forum: understand the whole process even if it’s not written down somewhere
- maybe you have to manipulate your exploit a little bit…
- don’t be afraid of multiple reverse shells
- use the power to abuse a (as I learned) common windows service
- if you are not familiar with mz, m***r is your friend
Big shoutout to @0xdf for creating this very realistic and fun box!
Feel free to PM me, if need a hint or two