Networked

Hello guys.
I got shell into the machine with a***** user, once logged in if i type “whoami” sometimes display a***** user and sometimes display g**** user.
Is this a machine bug?
Is this a cron process ?
Any further hints?

Type your comment> @wsurfer said:

Hello guys.
I got shell into the machine with a***** user, once logged in if i type “whoami” sometimes display a***** user and sometimes display g**** user.
Is this a machine bug?
Is this a cron process ?
Any further hints?

Had the same issue, closed other shell & waited for next cron exec & was “g***”

Any hints on getting user once u`ve gotten a low priv. shell?

Rooted! Can someone please explain the user exploit and why it works?
User: Go to …/…/…/u****s and you’ll get it.
Root: Once you find the right file… “Do something please” “No” “Sudo something please” “OK” :wink:
Hope that’s not too spoilery

PM me for hints/explain the exploit for me

Got Root!
A very nice box that brings you back to basics and reminds us not to overthink of simple things.

Follow the route: shell → user → root

Hints:

  • Shell: enumerate directories and find a way to bypass the security measures
  • User: Command injection in vulnerable script
  • Root: Way easier than user. When you find out what you can run as root search well on Google regarding on how to exploit the code.

You are more than welcome if you want hints via PM.
Nice box @guly !

I’m struggling with getting connection to the shell. I uploaded the package and loaded the image in the browser, but I can’t get connection with by terminal. Any nudges (or DM’s) in the right direction are greatly appreciated

The first version of this box, exposed other ppls inital foothold, that threw the struggle away - you could see contents of the /u***d folder. To get user was easy bcause you could see what other ppl was doing to get it. Same with root.

Feelt like i cheated on this box…

Rooted!

thanks to @Hilbert and @xcabal

for any hints DM me.

Rooted! also thanks to @xcabal for helping me at the user part.

DM me if you need any hints.

Cancel

Type your comment> @Emrys said:

I got user access but am stuck on how to elevate. Could someone PM me with a nudge in the right direction on how to get root access???

So I found what I needed to find as g**** but the file never changes. Thoughts?

edited: found the problem

Thankyou @guly for the box, good one to remind us of the basics.

Just got the user, but no idea what to do to get rooty-rooty,

any hints please?

Finally rooted, thanks to @blooch4 and @Hilbert advices !!

Hi guys, pretty new here and enjoying every minute. Iv’e gotten an initial shell on this box as a*****. Definitely having a hard time escalating to user. I know I am overthinking for sure. tried everything I can think of with the odd files but no luck. A DM with a slight nudge in the right direction would be much appreciated. Meanwhile, im gonna keep trying things haha

I could really use a hint for getting user.

  • I have a low priv shell.
  • I have found the script being run by the user.
  • I have stared at PHP code for way too long.
  • I can escape and run some code as the user
  • I don’t get the hint everyone gives about TOUCHING. When using that command I can create a file in the same location as the script is being run from. What am I supposed to do with that?
  • I have tried messing a lot with chown and I can get the user flag and get write rights in the directory etc.
  • I feel very limited without being able to use / in me code execution.

My brain has turned to porridge at the moment - can you please give a hint on how to proceed with what I have?

EDIT: Okay, so I just got user by some wonky use of chmod, but I don’t belive this is the way people are hinting at?

Type your comment> @S0l3x said:

trying to get root… i found the c*********.s* script but cannot find a way to gain command execution with it. I have tried all sorts of cmds for the NAME var but I just don’t see how it is executed per the code. any help via DM would be appreciated>

Ditto. Could someone give me a nudge in a PM? Also, I’m not sure it’s important but I don’t get any error messages in my reverse shell as user… Thanks.

Type your comment> @n0rdberg said:

I could really use a hint for getting user.

  • I have a low priv shell.
  • I have found the script being run by the user.
  • I have stared at PHP code for way too long.
  • I can escape and run some code as the user
  • I don’t get the hint everyone gives about TOUCHING. When using that command I can create a file in the same location as the script is being run from. What am I supposed to do with that?
  • I have tried messing a lot with chown and I can get the user flag and get write rights in the directory etc.
  • I feel very limited without being able to use / in me code execution.

My brain has turned to porridge at the moment - can you please give a hint on how to proceed with what I have?

EDIT: Okay, so I just got user by some wonky use of chmod, but I don’t belive this is the way people are hinting at?

Definitely in the same boat. Brain is mush, however still havnt gotten user.

Rooted!

User: It’s not complicated! PM me if you’re stuck

Root: Not hard but I was confused, I needed to hear from someone.
If you’re stuck PM me I’ll be happy to help you