Networked

Just got user.txt with the most ridiculous method. No idea at this moment in time how to get even a user shell (ie g*** as the whoami) !

Type your comment> @nuxmorpheus01 said:

Type your comment> @monkeybeard said:

@nuxmorpheus01 after your initial enumeration you will find some interesting pages, from there you just have to get your shell onto the server, one of the most trivial ones there is

I have found the pages. I tried to use curl to upload my shell. No success.

Maybe the path I am following is correct but I am failling in the execution?

Are you remembering to make your shell file executable? I didn’t at first!

User and rooted! Though I’m struggling to understand why root pe works. If you’ve rooted this box and have a decent understanding of how/why root works, I’d love to know!

Got root! All about trial and error :wink:

I’ve got a shell, but can’t get user. I get the feeling I am missing something obvious. If someone could give me a nudge in the right direction, it would be appreciated.

rooted , I found I overthought this one way too much. Like others said, everything you need is right in front of you. DM’s welcome if you need a nudge

Finally rooted, my first machine in ages.

Nice box. Felt like if I have the source code given to me and still need trial and error then I’m failing a bit…

Type your comment> @reverendin said:

I’ve got a shell, but can’t get user. I get the feeling I am missing something obvious. If someone could give me a nudge in the right direction, it would be appreciated.

Im in the same boat.

Any hint on root flag?

Owned user and root, took me some struggle. What needed to be done was clear to me, just not how to achieve it. All can be achieved without altering existing files, exploits or similar. With look back, fun box :slight_smile:

Finally got root. Hint: read, try and repeat. I was frustrated beyond belief but finally started putting things in and reading what happened.

Can someone help me interpret from the source how the rename process is working? I cant figure out how it is naming and would like to understand, pointers appreciated.

Got root but while I know HOW I got it (semi focused thinking or blind luck ) I don’t get WHY this works, I understand what I change, I don’t understand what’s causing the process to work the way it does rather than just throw a hissy fit and error.

Can anyone DM me a why this works, Google turns up how to use the commands rather than why they give the escalation.

Does this box crash and reset every 5 min for anyone else? Like is that supposed to happen? I am even on a VIP server but cannot seem to get more than 3-5 min before it goes offline and comes back reset

Need a nudge for user. I do have a shell, but need priv esc.

I believe it would be upsetting to do this machine on free servers. Anyways, really cool machine.
Hints:
Initial part: Don’t forget to look for all type of files while searching dirs, you can also guess it by the content of that one file you find in some folder. It’s really basic to get a shell from there.
User: Read the content of the two files in the home directory and then do what you think is right. Waiting will help you.
Root: Don’t even need to enumerate much, once you find the right file, try to escape it and execute something

I am stuck at root…found a file that has sudo priv . but idk how to escape and get shell. any hints will be appreciated. tq

Hey guys can I get a dm on user esc. I got initial shell but have no idea what the php is doing or how it helps me get user.

Rooted, really liked the box.

Since you have the sources all you had to do was understand the code and go through it step by step.

User
On VIP you didn’t get spoilers just by visiting however on Free its a total different story. If you really want to learn something ignore what others did in the browsable sites and analyze the PHP, THEN do what you think is right.

It takes three steps to user, one forward, one backward and one forward again.
Get shell, take information back, get shell again.

https://www.php.net/docs.php

Take the functions used, look them up in the docs/w3schools and run them online. If you are unsure how one initial variable is declared, a certain easy-to-discover page will tell you. Make your own $name variable and run it through function after function just like the website does it.
After each function write down the output, take it to the next function and repeat.

If you want to get fancy, take the files and make your own server locally.

PHP Boolean False = 0
PHP Boolean True = 1

Root
Basic enumeration, you can run the well known script or if you do the most important things manually you will discover it pretty fast too.
If you found it you aren’t far away, run it and dont space out, focus on task ahead