Finally rooted this box! I spent way too much time being dumb and trying to get the LFI to run in the K****a debugging console, and couldn’t understand why I was just getting weird errors. All that was needed in the end was a good old curl. Root was then pretty simple.
Some tips:
User-
- The image isn’t useless, maybe get the help of a feline friend
- The high port has a well documented API, learn how to talk to it
- When you know how to talk, look through all the information, and then search for what the image told you (be aware you may be only looking at 10 entries at a time)
- When you find what you’re looking for you should know what to do
Root-
- You may need to become someone else
- If there is a service only available locally, there is a way to make it available to the outside
- Dont be like me and try to use the stupid debugging console
- Check the processes running for anything nonstandard, investigate them and then find a way to escalate.
- A online debugger for G**k helped me a lot
PM me if you need any help.