Writeup

Ok, I give up!

Forget about user, it was the easy part.

On root, I ran pspy, noticed the non-absolute path process, had some hints from ippsec’s lazy path video, tried that, none has given me a shell!

I’d appreciate some help here, I don’t want to skip this machine.

Thanks

Done done done, fiiiinally
Second ever box, might be easy for y’all but ■■■■■■■ that was a LEARNING CURVE and a half for me, thank you so much @Jkr, really appreciate the box

Thanks to everyone else that posted hints/nudges.

User:
Don’t get tunnel vision, use the script, use a wordlist or hashcat, pretty straightforward (awesome script btw)

Root:
Learn and understand PATHS. My lack of knowledge there really delayed me.

I edited this comment so I don’t look stupid

Can anyone help me in root? I know a cron job is running, but don’t know where to start.

I think I am the only one who has not managed to make the script work, or is it the paths that I have wrong?

Solved, had an error in the PATHS

So I’ve owned user, but I have been struggling with root for days now. Can someone give me a hint? I have been following the forum. I am aware of running a certain tool to examine processes. I believe I have identified the right PATH, but am unsure what to do next. I’ve watched IppSec Lazy as well and have attempted something similar

ROOTED.

root tip: Monitor log on events - take note. Know where you can write to. Understand order of importance with PATH.

good luck! and remember to tidy up after yourself :wink:
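For the admin side of the PATH tip above, an added example that is not from any poster in this thread: a POSIX sh check that walks a PATH string in search order and reports every directory consulted before a bare command name resolves that is relative or group/world-writable. The command name `backup-job` and the directories in the usage comment are constructed placeholders.

```sh
#!/bin/sh
# Added example: audit PATH search order for a command that a privileged job
# invokes without an absolute path. Usage (constructed values):
#   audit_path_order backup-job "/usr/local/sbin:/usr/local/bin:/usr/bin"

# True if DIR is group- or world-writable by mode bits (ACLs are not inspected).
loose_dir() {
    case $(ls -ld "$1" 2>/dev/null | cut -c6,9) in
        *w*) return 0 ;;
    esac
    return 1
}

# audit_path_order CMD PATHSTRING
# Prints one RISK line per unsafe directory searched before CMD resolves,
# then a RESOLVES line. Returns 1 if any RISK line was printed, else 0.
audit_path_order() {
    cmd=$1
    findings=0
    old_ifs=$IFS
    IFS=:
    set -f                                  # no globbing while splitting PATH
    for dir in $2; do
        [ -n "$dir" ] || dir=.              # empty entry means current directory
        case $dir in
            /*)
                if loose_dir "$dir"; then
                    echo "RISK $dir is group/world-writable"
                    findings=1
                fi ;;
            *)
                echo "RISK relative entry '$dir' depends on the caller's cwd"
                findings=1 ;;
        esac
        if [ -x "$dir/$cmd" ] && [ ! -d "$dir/$cmd" ]; then
            echo "RESOLVES $dir/$cmd"
            break
        fi
    done
    set +f
    IFS=$old_ifs
    return $findings
}
```

Run it with the PATH the privileged job actually gets (for cron, the PATH set in the crontab or the service environment), not the PATH of your interactive shell. The fix for any finding is to call the binary by absolute path or to tighten the directory's ownership and mode.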

I have spent days on USER and can’t take it any more lol… I have enumerated the s*** and the hd p*** but for the love of me can’t crack it and the native script found just WILL not do it, even with the wordlist that everyone already said will work… 0_o

I got the user flag, but root still, plz hint, I understand how to do it but I feel that I’m lost, the e*v command is not working. Any hint will be helpful.
Thanks in advance.

Edited: I got root shell and root flag finally, I built my own scripts which take time, but got a lot of knowledge

Hey guys,

I really need help with root over here.

I used ps*y and I know how to add PATH and so but I’m stuck.

Please PM me

For the exploit for user, should I be using the /w****** or the /w******/a**** path?

Hey guys - can anyone PM a nudge regarding the services? I have been analysing processes with pspy and have tried to privesc using path hijacking but have been unsuccessful. Thanks!

@doates12 said:

For the exploit for user, should I be using the /w****** or the /w******/a**** path?

Focus on the /w****** path - find a tool that can help identify what the website is running (databases, language written in… etc…) then find which one of the services are vulnerable

Seriously… follow the path… finally rooted it

This machine is currently listed as both active AND retired… I’m new, is this normal? I thought it must be transitioning…

Edit: It’s no longer on the retired list…

I found the /w****** and also the /a**** one. Also used war and found the C ma Sim but I’m stuck trying to go further on this part. Could someone PM and help me with this?

That was a nice little box. Cool idea for root.
Tip for root: don’t try the same thing again and again (as I did). Try different things and something should work at the end.

Hey guys,
still need help with root,
Please PM me if you can help.

Hi, I am banging my head against the wall for user script… can anyone PM me please?

Edit: never mind, discovered it was a URL path issue… user achieved. Moving to root.

just owned root, good box