Networked

Thanks @guly for a beautiful and simple machine
Your Unattended was an incredibly cool machine, this CTF is more easy, but also very interesting

Need a nudge for the user. I do have a shell up but I need priv esc. Please help! Thanks!

Awesome box!

[root@networked ~]# id
uid=0(root) gid=0(root) groups=0(root)

Finally! Rooted. Learned some stuff. Thanks @guly for the box. DM if you need a any nudge…

Struggling with root, found the file but unable to do anything with it. Can anyone PM me please?

Edit: rooted, me been stupid. PM if you need help

Type your comment> @wawrzeniec said:

Type your comment> @x41 said:

Why do I always struggle with the seemingly easy stuff.
4 hours in and not even a shell. sigh

This is pathetic.

You are not the only one. I don’t know why people say that it’s easy or straightforward but having never done or heard about this before it certainly wasn’t for me. I was able to get a shell after a lot of headache so feel free to pm me if you need a nudge in the right direction

I’ll ask you if I can’t get it after the next 4 hours. :smiley:
I haven’t exhausted my possibilities. So I’ll try harder.

I got root.txt. It’s very instructive machine
Thanks to @4LPH4X and @GChester

User took me too long too crack, i started to hate PHP lol, but very good Box. Root is pretty much very very simple.

Hint for root: don’t think too much, just do basic enum and try basic commands :relaxed:

Thanks to the people who helped me for user :wink:

Finished up the box. Interesting box. Not totally understanding the root portion totally. Liked to compare solutions with anyone else, see if we got root the same way.

@PanamaEd117 - just got root.

i was confused too, afterwards. to help it make a bit of sense, think about how what you entered got put into a file somewhere. Then, on any box, try entering that same kind of thing as an experiment. Think about what isn’t happening properly.

thanks all for abusing the box, two clarification:

  1. foothold: no CTF at all, that is something that existed as default and was actively exploited. no problem if you never heard about it and just tried to throw everything you have in your arsenal, but please CTF is not a synonym of “I wasn’t aware” :slight_smile:

b) root: again, no problem if you spray&pray, that’s a big part of this game. but bear in mind that this is again a default for this scenario, still today. you really should follow old-school message board.

try to understand both foothold and root, bloods are gone and there’s no rush to just flag. research, understand, and unalias CTF pls :slight_smile:

Confused on root. Please PM with tips/hints.

EDIT: nevermind, I rooted it. Not really sure how though.

Confused on user. Please PM with nudge. Can upload but not that what I want to.

OK got root but it was pure luck and not really sure why it worked. If anyone can explain the exact reason for the privesc I would greatly appreciated. DM or discord, thanks.

I’m pretty stuck on root if someone could PM me for advice. I feel stupid, but i’ve tried all the “simple” stuff.

Found up****.php , Give further hint

rooted!

initial access: you need to fool the server…
user : take a look at source… and just try run… trial and error…
root : simple… see what you can do in the server…

pm me for help…

Rooted: Ezclap

Type your comment> @DeDeReporter said:

Ok. Rooted. But can someone explain me why script line

 e**o $**r=$*

EXECUTING command included in $*?
i will appreciate some explanation on DM. I dont like rooting machines without fully understanding what happens.
Thanks in advance

the ifup executing command, not echo

rooted thanks to @D8ll0 and @Tohzzicklao