@Quacktop Thanks for your kind words though! Could you PM me though I would be interested to know the route you took
@blaudoom I'm glad you enjoyed it! Sometimes we can all get mislead in some way. What's important is you figured out how to get past it! Thanks for your kind feedback!
Was a very fun box
hints for initial:
hint for user:
hint for root:
like always if it spoilers too much please delete
If help is needed PM me
Rooted. Wow I feel dumb, the privesc from foothold to user was glaringly easy but my brain just died. Overall fun box but I feel the root was a bit too easy.
Really fun box I have a tendency to overthink "easy" boxes which got me stuck a couple of times.
Got user access @M**t
Just rooted this box. Thoroughly enjoyed it, found user to be harder than root though..rooted within 5/10 minutes of getting user.. Thanks @TheCyberGeek
OSCP | CCNA | CPSA
very good box! I like it
uid=0(root) gid=0(root) groups=0(root)
Loved it.. Was good for New people hope there are more like this.
I did learn some good stuff even with root.. Was a small lesson but one was learned.. Look at everything..
PM for hints..
Finally owned it! User was much more difficult than root - I certainly over-complicated, over-thought every step and went down every rabbit hole! Note to self: Keep it simple stupid
Thanks to @beorn and @MrW0l05zyn for the nudge with foothold.
PM me for nudges..
Got around to this yesterday and rooted it. Looked past the first bit for user out of eagerness. Taught me to enumerate harder again.
Hints on here are already enough, as previously stated.
Good luck everyone!
defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”
Rooted. I liked this box, I think it's good to have always boxes like this in the lab. Easy (for the newcomers) and also with something that (almost) everyone else can learn about some popular service.
Sec+ | OSCP
Always happy to help but remember give some rep to my profile if I helped you! :-)
Rooted my mf was not working properly now fixed with the sl and got root
Rooted, thanks whoever helped me
Can anyone give me a hint about getting a user for the postman
Rooted! Fun box. For user i had to reset the box in order to get the default directory for r****, so make sure you know where you are.
I think I'm using the correct exploit but when I try to run it only i see "receive data" two times and that's it, but I'm not sure what I'm doing wrong.
Awesome box! User was fun! After that, root was fairly straight forward. Thx @TheCyberGeek !
PM for Nuggets
hint for root: if m*f doesn't work but c***k says 'vulnerable', then this -> try harder
PM me for help.
--- I reply faster on Telegram @halishasec and [Discord Tavi #6865]
--- Please specify the machine you're working at when messaging
Pretty easy box. When i was waiting for user, i eventually got root lol.
User (or initial shell): do you see something new in your scan? A pretty nice time to google about it, isn't it? Hint: as mentioned above, don't change the dir
Root: simpler than 2, 3, 5, 7 and 11. I even didn't use LinEnum. Connection closed? Maybe you are not welcome to come through this door? But every house has windows...
PM if you completely lost
can someone please tell me where i can read up on using ssh2john.py
never mind found it!
If you need help with something, PM me how far you've got already, what you've tried etc.
Hi all! I am stuck in r**is. i noticed that here is no MO***E command, so exploits didnt work, drop some key file in some directory isnt work for me (idk, is it working at all). i think i can do something with LUA scripting here, but no luck. Help, i need somebody, help...
Rooted! Fun box. Learn a lot through user!! PM if you need some help!
I am root! Certainly an enjoyable box. I found the initial foothold to be a very good learning experience.
1º The obvious exploit is not going to work.
2º Read articles about the vulnerability, and you will find an alternative approach. There are tons of articles about it.
3º Once you do your research, remember that not all home directories fall under home.
4º Play with a client tool to get additional information.
5º Prepare your attack, and get in.
1º Go back to your initial enumeration.
2º Don't overthink. Root is easy.
@TheCyberGeek , thank you for the box.
Click here to create an account.