Done done done, fiiiinally
Second ever box, might be easy for y’all but ■■■■■■■ that wad a LEARNING CURVE and a half for me, thank you so much @Jkr really appreciate the box
Thanks to everyone else that posted hints/nudges.
User:
Don’t get tunnel vision, use the script, use a wordlist or hashcat, pretty straightforward (awesome script btw)
Root:
Learn and understand PATHS. My lack of knowledge there really delayed me.
So I’ve owned user, but I have been struggling with root for days now. Can someone give me a hint? I have been following the forum. I am aware of running a certain tool to examine processes. I believe I have identified the right PATH, but am unsure what to do next. I’ve watched IppSec Lazy as well and have attempted something similar
I have spent days on USER and cant take it any more lol… I have enumerated the s*** and the hd p*** but for the love of me can’t crack it and the native script found just WILL not do it, even with the wordlist that everyone already said will work… 0_o
I got the user flag, but root still, plz hint, I understand how to do it but I feel that I’m lost, the e*v command not working. any hint will be helpful.
thanks in advanced.
Edited: I got root shell and root flag finally, I built my own scripts which take time, but got lot of knowledge
Hey guys - can anyone PM a nudge, regarding the services, I have been analysing processes with pspy and have tried to Privsec using path hijacking but have been unsuccessful. Thanks!
For the exploit for user, should I be using the /w****** or the /w******/a**** path?
Focus on the /w****** path - find a tool that can help identify what the website is running (databases, language written in… etc…) then find which one of the services are vulnerable
I found the /w****** and also the /a**** one. Also used war and found a the C ma Sim but i’m stuck trying to go further on this part. Could someone PM and help me with this.
That was a nice little box. Cool idea for root. Tip for root: don’t try the same thing again and again (as I did). Try different things and something should work at the end.