• Ok, I give up!

    Forget about user, it was the easy part.

    On root, I ran pspy, noticed the non absolute path process, had some hints from ippsec's lazy path video, tried that, non has given me a shell!

    I'd appreciate some help here, I don't want to skip this machine.


  • Done done done, fiiiinally
    Second ever box, might be easy for y'all but goddamn that wad a LEARNING CURVE and a half for me, thank you so much @Jkr really appreciate the box

    Thanks to everyone else that posted hints/nudges.

    Don't get tunnel vision, use the script, use a wordlist or hashcat, pretty straightforward (awesome script btw)

    Learn and understand PATHS. My lack of knowledge there really delayed me.

  • edited August 2019

    I edited this comm so i dont look stupid

  • Can anyone help me in root?. i know cron job is running, but dont know where to start.

  • edited August 2019

    I think I am the only one who has not managed to make the script work or is the paths that I have it wrong

    Solved had an error the PATHS

  • So I've owned user, but I have been struggling with root for days now. Can someone give me a hint? I have been following the forum. I am aware of running a certain tool to examine processes. I believe I have identified the right PATH, but am unsure what to do next. I've watched IppSec Lazy as well and have attempted something similar


    root tip: Monitor log on events - take note. Know where you can write to. Understand order of importance with PATH.

    good luck! and remember to tidy up after yourself ;)

  • I have spent days on USER and cant take it any more lol... I have enumerated the s*** and the h****d p******* but for the love of me can't crack it and the native script found just WILL not do it, even with the wordlist that everyone already said will work.... 0_o

  • edited August 2019

    I got the user flag, but root still, plz hint, I understand how to do it but I feel that I'm lost, the e*v command not working. any hint will be helpful.
    thanks in advanced.

    Edited: I got root shell and root flag finally, I built my own scripts which take time, but got lot of knowledge

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • Hey guys,

    I really need help with root over here.

    I used ps*y and I know how to add PATH and so but i'm stuck.

    Please PM me

  • edited August 2019

    For the exploit for user, should I be using the /w****** or the /w******/a**** path?

  • Hey guys - can anyone PM a nudge, regarding the services, I have been analysing processes with pspy and have tried to Privsec using path hijacking but have been unsuccessful. Thanks!

  • edited August 2019

    Type your comment> @doates12 said:

    For the exploit for user, should I be using the /w****** or the /w******/a**** path?

    Focus on the /w****** path - find a tool that can help identify what the website is running (databases, language written in.. etc..) then find which one of the services are vulnerable

  • Seriously... follow the path... finally rooted it

  • edited August 2019

    This machine is currently listed as both active AND retired.. I'm new, is this normal? I thought it must be transitioning..

    Edit: It's no longer on the retired list...

  • I found the /w****** and also the /a**** one. Also used wa******r and found a the C** ma** Sim** but i'm stuck trying to go further on this part. Could someone PM and help me with this.

  • That was a nice little box. Cool idea for root.
    Tip for root: don't try the same thing again and again (as I did). Try different things and something should work at the end.


  • Hey guys,
    still need help with root,
    Please PM me if you can help.

  • edited August 2019

    hi, I am banging my head against the wall for user script...can anyone PM me please?

    edit:nevermind, discovered it was a URL path issue...user achieved. moving to root.

  • just owned root, good box

  • Wasted a long time on root trying to establish a reverse shell, however just using cat on the root.txt file works too I guess. Still not sure why my reverse shell wouldn't execute...

    A+ | Net+ | Sec+ | Server+ | CySA+ | PenTest+ | CASP+

  • Hello everyone,
    stuck on getting root flag. privilege escalation. could use some help please.
  • My exploit keeps timing out. The S** I***** exploit.

    Anyone encounter this and know a way around it?

  • edited August 2019

    Nevermind, I was in the wrong directory.

    edit: okay yeah but it's also timing out when i tried it again.

  • Now trying to get root, totally out of ideas on how to do the PATH thing. I have a rough idea of how to priv esc, but I'm totally stumped on how to do it. Yes I've looked at the processes.

  • Guys,

    Hint for ROOT:

    If you are using VIP server, switch for the free one.
    In the free server, there is traffic that in VIP server you most likely won't see.

    After switching to the free server, try to see what happens after other users logged in .

    PM me if you need more help.

  • Need help with root!! Got no clue what to do? I am monitoring pspy ssh logs path but no sure what to do about it.
    Anyone up for help here?

  • edited August 2019

    this priv escalation is gonna make me smack my head on the desk. I for sure found the directory I can write too, and I see what happens with a netconn. Just gonna take a break for now.

  • @TheRealHooz
    Mee too stuck there. got the directory but damn nothing working. I am already banging my head

  • Can anyone help me with the credentials? I've found user, email, salt and passwd and it seems to be impossible to decode it...

Sign In to comment.