Networked

Privesc to root is making me scratch my head. I see my ability but trying to understand how to leverage it to get that # sign.

Rooted :slight_smile:

Appropriately rated box. What I didn’t like is even though the paths to exploit were clear if others didn’t clean up afterwards it spoiled the box.

Type your comment> @Lodovico said:

Type your comment> @Seepckoa said:

You need to enumerate the HTTP service a bit. The initial part is relatively simple.

I thought I had tried that… looks like I hadn’t gone deep enough. I guess my suspicions about an obstacle in my way may be confirmed. Thanks!

No worries, and good luck for exploiting the flaws of this system.

Rooted , Hint
#Initial,user and root
Analyse the flaw in code :smiley:

Fun box, make sure to clean up stuff to prevent spoilers at certain stages. A few hints:

Shell: view the source, check out that one file. You might not necessarily be able to totally bypass certain filtering, but you can still smuggle things inside legit files.

User: enumerate, then return to the source. Timing is everything.

Root: More standard enumeration. No need to overthink getting around filtering; this can be found with some easy manual fuzzing. There is an article out there if you search well enough on the exact vuln, posting the article is too much of a spoiler though.

Just got user.txt with the most ridiculous method. No idea at this moment in time how to get even a user shell (ie g*** as the whoami) !

Type your comment> @nuxmorpheus01 said:

Type your comment> @monkeybeard said:

@nuxmorpheus01 after your initial enumeration you will find some interesting pages, from there you just have to get your shell onto the server, one of the most trivial ones there is

I have found the pages. I tried to use curl to upload my shell. No success.

Maybe the path I am following is correct but I am failling in the execution?

Are you remembering to make your shell file executable? I didn’t at first!

User and rooted! Though I’m struggling to understand why root pe works. If you’ve rooted this box and have a decent understanding of how/why root works, I’d love to know!

Got root! All about trial and error :wink:

I’ve got a shell, but can’t get user. I get the feeling I am missing something obvious. If someone could give me a nudge in the right direction, it would be appreciated.

rooted , I found I overthought this one way too much. Like others said, everything you need is right in front of you. DM’s welcome if you need a nudge

Finally rooted, my first machine in ages.

Nice box. Felt like if I have the source code given to me and still need trial and error then I’m failing a bit…

Type your comment> @reverendin said:

I’ve got a shell, but can’t get user. I get the feeling I am missing something obvious. If someone could give me a nudge in the right direction, it would be appreciated.

Im in the same boat.

Any hint on root flag?

Owned user and root, took me some struggle. What needed to be done was clear to me, just not how to achieve it. All can be achieved without altering existing files, exploits or similar. With look back, fun box :slight_smile:

Finally got root. Hint: read, try and repeat. I was frustrated beyond belief but finally started putting things in and reading what happened.

Can someone help me interpret from the source how the rename process is working? I cant figure out how it is naming and would like to understand, pointers appreciated.

Got root but while I know HOW I got it (semi focused thinking or blind luck ) I don’t get WHY this works, I understand what I change, I don’t understand what’s causing the process to work the way it does rather than just throw a hissy fit and error.

Can anyone DM me a why this works, Google turns up how to use the commands rather than why they give the escalation.

Does this box crash and reset every 5 min for anyone else? Like is that supposed to happen? I am even on a VIP server but cannot seem to get more than 3-5 min before it goes offline and comes back reset