kotarak

@altoarun said:
hi everyone, I’m having a hard time trying to bypass the ‘try harder’ filter. Already read a lot about LFI/RFI but can’t find a way in. Can someone send a tip?

you don’t need to look outside the box… check carefully what you got from enumeration

@decart said:
Rhadow - there are two passwords that can be extracted. Try again, try them both.

2 passwords? are you sure?

and what should one do with these passwords? I am stuck…

Any hint/nudges/tips/suggestions for getting root? I found a bunch of pieces but I can’t get root

@DigitalSamurai said:
Any hint/nudges/tips/suggestions for getting root? I found a bunch of pieces but I can’t get root

Right there with you. This is a tough one. Every area I think may lead to it is missing a piece required. #rabbithole

@DigitalSamurai said:
Any hint/nudges/tips/suggestions for getting root? I found a bunch of pieces but I can’t get root

Same boat.

Actually… waiittt aaa mminnnutteeweeeeee

yeah I’m stuck too. Got 2 Passwords. But they don’t seem to be working with the associated accounts. So I’m stuck without a clue again :confused:

@rad4day said:
yeah I’m stuck too. Got 2 Passwords. But they don’t seem to be working with the associated accounts. So I’m stuck without a clue again :confused:

try again… the password works for me

anyone know if to take root in kotarak I need to bypass the S*A* from processor?

Anyone PM me… I have user. I think I’m on the correct path to root. Thanks.

So I got limited shell and found certain interesting files to be archived. Cracked one password from there but it doesn’t seem to work with the local user of same name. Found the “internal” thingy but the credentials don’t work with it either.

Can anyone provide a nudge?

I got user/pass from the place where the tetris game is, but can’t seem to find a way to create the initial shell. The only thing I can think of that I haven’t dealt with yet is the “try harder” filter. Should I try to bypass it or is there another way to go further?

@clt said:
I got user/pass from the place where the tetris game is, but can’t seem to find a way to create the initial shell. The only thing I can think of that I haven’t dealt with yet is the “try harder” filter. Should I try to bypass it or is there another way to go further?

Try another approach/service

Could anyone give me a hint on the final privesc from user to root? I’ve found 2 or 3 paths but they are all missing necessary things.

Also stuck trying to get root. Can’t find what I’m looking for there.

Also stuck on getting root for this box. I think I’m on the right track, but not sure how to use the .log file information. Can someone message me to confirm if my hunch is correct?

any nudge on the privesc to root? I’m pretty sure that the root flag is inside the machine in the L**, as the logfile states the IP of it. I found the “lady” archiver, but all the necessary binaries are removed. I checked all (I hope) the internal running services, but nothing. So I’d like to get a little nudge, thanks!

Having some hangups on this one. Found the private browser and the thing admins would want to see, but I’m clearly missing something. Any nudges would be appreciated.

Can anyone help? I’ve found the correct credentials but they aren’t being accepted. I don’t know if it’s a problem with the box or me. I’ve checked via writeups, so I know they’re correct but the vulnerable application keeps on prompting me.