Registry

hmmm… got in last night as b**t user, but when I reset the box today and SSH in as user b**t, certain s**o command was gone… I guess thats the patch people are talking about?

Yes sudo doesn’t work anymore stuck at privesc …

root is pretty cool.
Gotta dig into the documentation for this one.
(Edit: Looks like it’s not the intended way but…pretty close :))

Finally got user, in retrospect it is stupidly simple, just got deep down to a rabbit hole…
Now onto root :slight_smile:

i got user within the hour of the box but didnt get any further before the patch came hehe.

i enjoyed the last part (:

Could someone give me a nudge on root, the possible paths not working for me.

The funny thing i can “id” and “whoami” as root and some other capabilities as well but not an actual root on the whole system!!

Type your comment> @Z0d said:

The funny thing i can “id” and “whoami” as root and some other capabilities as well but not an actual root on the whole system!!

yep! same thing for me with that privesc thing… but reading previous comments it seems to me that there’s also another way to root (exploiting the r****c tool)

Just rooted!
An amazing box that teached me a lot of new things i didn’t even knew about!
Special thanks to @polarbearer for his patience and help xD
Also a big thanks to @thek for this amazing box :slight_smile:

@DaChef, I am so glad that you like it. Thx man :wink:

The machine has been updated, and they have patched things.

WoW, really cool box, thanks @thek
Just because I’ve almost shouted to the screen when I got root, I will try to give some meaningful advice:

user: just do normal enumeration until you find the API of a very popular tool used in devops, enumerate that new service, make a local copy and then enumerate again once you are iniside, from there you should get a ssh account to the box that will give you user

root: the fun begins here mate, I will only talk about the hard privesc since it’s the only one left at the moment, enumerate EVERYTHING as if it was the first time on the box, you might get too focused on 1 file as I did, but you will find out that you cannot exploit it directly, so ENUMERATE MORE until you find some creds, then exploit the service that the creds are for, finally you will have a shell for a user that will be able to exploit the last thing to get root (the 1 file I was talking you about), so setup your local thing and get your ■■■■■■■■ fucking root.txt

Let’s go mates, have fun.

fantastic box root i thought was frustrating at first until i read things correctly did notice some changes over the past 24 hours that effected a few things but got there all the same.

If your stuck hit me up will do my best and back online in 8 hours time :smiley:

I was really enjoying this box until I got user and started moving towards root, and then I discovered all the little measures designed to just annoy me in my quest rather than serve any legitimate security purpose. User was interesting and informative, but root is turning out to be extremely annoying for really no reason at all.

any help for root ? i have shell

Finally got there. Holy ■■■■, that privesc was so, so annoying. There are so many little “features” on this box that are just designed to be irritating.

PM for hints; not my favorite box.

Got root… Finally!!!

Funny box… Needed some clue from this board to get (back) on track, once figured it out how to proceed, it’t just a matter of RTFM ;).

Well, this was interesting…

I found the creds to the second shell before anything else, so I thought I could hit root directly… but Computer says no. So I had to go back and do it the way it is designed to be… ■■■■ it :stuck_out_tongue:

Anyway, hints:
user: do your enum. There are obvious clues, then google and find a step by step article on what to do.
root: find the one thing that really matters from your enum, and just follow the steps to be able to do what you want to do.

Thank you @thek great learning experience && nice box :slight_smile: