Networked

Hints
For user-

```Find strange file and read it then manage to get user shell.```
Root-
```Common priv esc```

Rooted. Hard to give hints on this box. Feel free to PM if you’re stuck.

This one wasn’t too bad. Had some issues wrestling with all the shitters rm’ing my scripts but whatever.

Easy user and root, PM me for hint

Not able to get the shell. I can upload, but no shell. Looking at my syntax now.

Managed to get a low priv shell. But I’m unsure on how to get the actual user. Are the files in home of any use?

Rooted :slight_smile:

Just rooted

Got user and root !

Nm, rooted

I’m a noob. I don’t see anyone else mention they are having difficulty port-scanning this box… I’ve run at least half a dozen different nmap scans, except a UDP scan of ALL ports (waiting on one). All scans have reported that all ports are filtered, this has remained across box resets… I’m always up for a challenge, but want to make sure this is meant to be happening?

EDIT: Oddly enough, I now AM able to scan the box, 24hrs later… and no ports are coming back as filtered… I couldn’t see any ports before, nor visit the site, but now it’s working. Very odd.

@Lodovico said:

> I’m a noob. I don’t see anyone else mention they are having difficulty port-scanning this box… I’ve run at least half a dozen different nmap scans, except a UDP scan of ALL ports (waiting on one). All scans have reported that all ports are filtered, this has remained across box resets… I’m always up for a challenge, but want to make sure this is meant to be happening?

You need to enumerate the HTTP service a bit. The initial part is relatively simple.

@Seepckoa said:

> You need to enumerate the HTTP service a bit. The initial part is relatively simple.

I thought I had tried that… looks like I hadn’t gone deep enough. I guess my suspicions about an obstacle in my way may be confirmed. Thanks!

Privesc to root is making me scratch my head. I see my ability but trying to understand how to leverage it to get that # sign.

Rooted :slight_smile:

Appropriately rated box. What I didn’t like is even though the paths to exploit were clear if others didn’t clean up afterwards it spoiled the box.

@Lodovico said:

> @Seepckoa said:
>
> > You need to enumerate the HTTP service a bit. The initial part is relatively simple.
>
> I thought I had tried that… looks like I hadn’t gone deep enough. I guess my suspicions about an obstacle in my way may be confirmed. Thanks!

No worries, and good luck for exploiting the flaws of this system.

Rooted, Hint
#Initial, user and root
Analyse the flaw in code :smiley:

Fun box, make sure to clean up stuff to prevent spoilers at certain stages. A few hints:

Shell: view the source, check out that one file. You might not necessarily be able to totally bypass certain filtering, but you can still smuggle things inside legit files.

User: enumerate, then return to the source. Timing is everything.

Root: More standard enumeration. No need to overthink getting around filtering; this can be found with some easy manual fuzzing. There is an article out there if you search well enough on the exact vuln, posting the article is too much of a spoiler though.

Just got user.txt with the most ridiculous method. No idea at this moment in time how to get even a user shell (i.e. g*** as the whoami)!

@nuxmorpheus01 said:

> @monkeybeard said:
>
> > @nuxmorpheus01 after your initial enumeration you will find some interesting pages, from there you just have to get your shell onto the server, one of the most trivial ones there is
>
> I have found the pages. I tried to use curl to upload my shell. No success.
>
> Maybe the path I am following is correct but I am failing in the execution?

Are you remembering to make your shell file executable? I didn’t at first!