Networked

Anyone who could give me a nudge on how to privesc to root? I think I’ve got a general sense of what I need to exploit but even after googling it I still have no clue where to begin with actually exploiting it.

Finally rooted, a couple of interesting steps and not necessarily too CTF’y.

Tip for initial foothold: “bake in” something into something else ?
tip for user: timing
tip for root: play around, see what happens with inputs

The box is finally rooted, a relatively simple box, but I do not appreciate it at all.

Thanks to the creator for his work.

rooted!

Foothold:
-Trivial, you learn this in your first boxes
-Find out where to Aim
-Aim
-Go to where you fired
-Shell

User:
Filenames are important

Root:
Just escape the ■■■■

Everything you need to get from Foothold > user > root is always in front of you, no need for enum scripts

Pls guys, stop DoSing the free servers, there’s no need to brute anything and the server is laggy af.

@danielcues I don’t suggest doing the CTRL+Z; stty raw -echo; fg routine for this box. That way, you can type freely, send your command, and get a response faster. Once you need a tty, go for it.

I’m stumped.

I have shell access. No idea how to get u*** priv.

Question: Must you know a bit of php?

really fun box, PM me if you need a nudge

Type your comment> @requiem said:

I’m stumped.

I have shell access. No idea how to get u*** priv.

Question: Must you know a bit of php?

It’s not really necessary, I spent a lot of time understanding the php, but it was ultimately useless. Look where the execution is and how you can work around it.

Awesome box, root was way easy, had a little problem with user but overall it was awesome. Thank you so much @v1p3r0u5 for the help bro. If anybody needs help PM me for sure.

Spoiler Removed

This box made me enjoy my sunday, i ended up banging my head with the initial foothold because of some really stupid conversion issues with my burp and what not, but after just throwing everything out the window and going back to basics, it was smooth biscuts and bobs your uncle.
I notoriously overthink things and this helped me jolt me out of that headspace 3 times in a row, not bad at all!

Foothold -
KISS (Keep it simple stupid)

User -
Read what it does and tell it what to do.

Root -
spotting is easy and use the options your given.

@guly Thanks : ]

Now back to that fun owntwoseven privesc

Got Initial Foothold: Learn how to fool the server.
Got User: Search where you can touch the prize.

On to Root

Rooted

Easy box…

PM for hints

Fun easy box. Was way overthinking root.

Do clean up after yourself to not spoil the box for the next person :slight_smile:

Hints
For user-

Find strange file and read it then manage to get user shell.```
Root-
```Commom priv esc```

Rooted. Hard to give hints on this box. Feel free to PM if you’re stuck.

This one wasn’t too bad. Had some issues wrestling with all the shitters rm’ing my scripts but whatever.

Easy user and root, PM me for hint

not able to get the shell. I can upload, but no shell . Looking at my syntax now.