got user and file c*********.*h, someone can pm me for a little hint? i now that i can e**c something
Finally got root on this one!
User was pretty easyā¦ root not so much
Fun box!
Iām stuck on the initial foothold. I can get an incoming connection, but a shell isnāt spawning. Any help?
I have a question,
I got to user.txt and I saved it on my pc, now if I go to sleep and I want to come back the next day to complete working on trying to get to root, why do I have to repeat all the process of having the shell until getting the user password? why canāt I connect directly with the password I already had ?
I tried ssh username@mchineip
(yes/no?)
yes
password: password of user
it outputs to me: authentication failed
is there any way to do it?
[Rooted]
Cheers! @guly never known the vulnerability for root priv until i played this box. Learned something new
Got Root::root part was fast and fun, you just need to read the included i*\*\*g-g\*\*y
netfile
this box is all about viewing and reading source codes.
Hi guys, Iām struggling with this machine, no idea how to get user (trying to dirbust the machine IP on port 80). Any hint by PM, please?
Type your comment> @markontherocks said:
Hi guys, Iām struggling with this machine, no idea how to get user (trying to dirbust the machine IP on port 80). Any hint by PM, please?
You can PM me if you still want help
hint: for root, use ( sudo file *) then play with input
Hey guys, ive dirbusted the 80th port and dont really know what i
m looking for.
send me little hints please!
Can anyone DM some tips on what exactly to do with c**_a**.***? i know what the script is doing, but I am at a loss on how to manipulate it to work to my advantage. Help would be appreciated!
Got root! Thanks for the help!
Feel free to DM me if you need any hints!
trying to get rootā¦ i found the c*********.s* script but cannot find a way to gain command execution with it. I have tried all sorts of cmds for the NAME var but I just donāt see how it is executed per the code. any help via DM would be appreciated>
Hello guys.
I got shell into the machine with a***** user, once logged in if i type āwhoamiā sometimes display a***** user and sometimes display g**** user.
Is this a machine bug?
Is this a cron process ?
Any further hints?
Type your comment> @wsurfer said:
Hello guys.
I got shell into the machine with a***** user, once logged in if i type āwhoamiā sometimes display a***** user and sometimes display g**** user.
Is this a machine bug?
Is this a cron process ?
Any further hints?
Had the same issue, closed other shell & waited for next cron exec & was āg***ā
Any hints on getting user once u`ve gotten a low priv. shell?
Rooted! Can someone please explain the user exploit and why it works?
User: Go to ā¦/ā¦/ā¦/u****s and youāll get it.
Root: Once you find the right fileā¦ āDo something pleaseā āNoā āSudo something pleaseā āOKā
Hope thatās not too spoilery
PM me for hints/explain the exploit for me
Got Root!
A very nice box that brings you back to basics and reminds us not to overthink of simple things.
Follow the route: shell ā user ā root
Hints:
- Shell: enumerate directories and find a way to bypass the security measures
- User: Command injection in vulnerable script
- Root: Way easier than user. When you find out what you can run as root search well on Google regarding on how to exploit the code.
You are more than welcome if you want hints via PM.
Nice box @guly !
Iām struggling with getting connection to the shell. I uploaded the package and loaded the image in the browser, but I canāt get connection with by terminal. Any nudges (or DMās) in the right direction are greatly appreciated
The first version of this box, exposed other ppls inital foothold, that threw the struggle away - you could see contents of the /u***d folder. To get user was easy bcause you could see what other ppl was doing to get it. Same with root.
Feelt like i cheated on this boxā¦