Type your comment> @Dinesh42 said:
Got user access @M**t
YOU GAVE AWAYYYY i had low shell and M**t and THE PAssword for matt but you gave away!! nvm…
gg tho
Type your comment> @Dinesh42 said:
Got user access @M**t
YOU GAVE AWAYYYY i had low shell and M**t and THE PAssword for matt but you gave away!! nvm…
gg tho
Rooted !!
Hints in the forum are more than enough to get yourself going. If any problem don’t stop yourself from DM
need hint for user
12 hours and finally got root. R—s was pretty new to me and was quite the learning curve.
Tips:
Foothold:
0. READ and RE READ all the messages in this thread, there are a lot of useful nuggets.
Pwn User:
0. Ditto Foothold, regarding keeping it simple.
Pop the box (owning root)
0. Ditto and Ditto
Any box that gives me the chance to learn things I did not know prior to starting is a good box. Thank you to the creator for putting this fun little project together.
@c1cada hey man i rooted in 1 hours. the whole machine but there one issue! i think i did unintended wanna share how you rooted…
Spoiler Removed
someone plz pm me i am stuck in user need of help for privilege escalation??
I got creds for low user but not able to login anywhere, can anyone give a little push?
Type your comment> @cycl0ps said:
I got creds for low user but not able to login anywhere, can anyone give a little push?
Got in, I was messing with case.
I’ve got access through r***s. I’ve discovered 4 potential attacks,
This is my first box. Managed to get user, but stuck getting root. Have been trying exploits in m*f on w***** with user credentials but unable to get a session. Would be grateful for a PM with any hints/nudges.
Got it! Overlooked an option. Thanks to @usernamestaken and @Lucyn .
ssh -i id_rsa r****@10.10.10.160
r****@10.10.10.160’s password:
Permission denied, please try again.
anyone can help? i input correctly but i can’t login
Type your comment> @d4rk5p07 said:
I’ve got access through r***s. I’ve discovered 4 potential attacks,
- webshell → not working (no write access)
- copy ss*-related file in home dir → not working (no access)
- inject cronjob → not working (no access)
- Master/Slave exec payload → not working (missing command MOD***)
what i’m missing? is it one of the 4 options i discovered?
Option 4 seemed the most promising to me. Ive worked through this thread, but as it seems i dont understand the breadcrumbs at all.
One of them works. Think about directory aspect again…
First machine and finally got root! Lessons learned and i thought it was a fun box !
I just rooted the box and have some questions about the initial foothold. The way that r**s is set up on the box, is that a normal setup? I was surprised how my attack actually worked.
Was able to decrypt the i*****.**k , although always getting “Connection closed by 10.10.10.160” , looking into the sshd config i can see that the user is actually denied to login via ssh, is this expected?
@tekkenpc said:
Was able to decrypt the i*****.**k , although always getting “Connection closed by 10.10.10.160” , looking into the sshd config i can see that the user is actually denied to login via ssh, is this expected?
I’ve been having a ton of overall issues connecting to the box lately so i don’t think you’re alone. not sure if anything has changed, but some others have been saying “keep trying til it works”
Type your comment> @nob0dy73 said:
I just rooted the box and have some questions about the initial foothold. The way that r**s is set up on the box, is that a normal setup? I was surprised how my attack actually worked.
There are more than one configuration items which bears the imprint of a CTF-like implementation. One of them is applying the DenyUser option in sshd_config, and an other one is using the command rename option in the r***s configuration file.
Purpose of these settings are exclusion of alternative solutions.
Type your comment> @passkwall said:
@tekkenpc said:
Was able to decrypt the i*****.**k , although always getting “Connection closed by 10.10.10.160” , looking into the sshd config i can see that the user is actually denied to login via ssh, is this expected?I’ve been having a ton of overall issues connecting to the box lately so i don’t think you’re alone. not sure if anything has changed, but some others have been saying “keep trying til it works”
Let’s just say, if you’re already in one of the house’s rooms, don’t just walk out and ring the doorbell again.