Fantastic box. Root I thought was frustrating at first, until I read things correctly. Did notice some changes over the past 24 hours that affected a few things, but got there all the same.
If you're stuck, hit me up. Will do my best, and back online in 8 hours' time.
I was really enjoying this box until I got user and started moving towards root, and then I discovered all the little measures designed to just annoy me in my quest rather than serve any legitimate security purpose. User was interesting and informative, but root is turning out to be extremely annoying for really no reason at all.
Finally got there. Holy ■■■■, that privesc was so, so annoying. There are so many little “features” on this box that are just designed to be irritating.
I found the creds to the second shell before anything else, so I thought I could hit root directly… but Computer says no. So I had to go back and do it the way it is designed to be… ■■■■ it
Anyway, hints:
user: do your enum. There are obvious clues, then google and find a step by step article on what to do.
root: find the one thing that really matters from your enum, and just follow the steps to be able to do what you want to do.
I’m on the final point. Any hint on how to get rshell as user wd? Tried bind and reverse for a million types with no luck. Managed to get command execution though.
Can someone clear up one thing for me?
On my way to root I’m able to get a rev shell as that -d user.
However, the shell is buggy and lags in responses.
Am I doing something wrong, or is the box just buggy?
User was fun! Really like the box so far, thanks @thek
that’s an interesting way to learn the app used on this box
user tips: (almost) everything can be done manually. no special tools or techniques needed. find out what app is installed on the box and start reading the docs. you want to fetch the thing. after that spin it and look what you’ve got inside. all you need is the key and to check every file in ~
root: find the app and login, check out the file at the app’s dir, you want to have access to that user who runs the command, serve…