Traverxec

For people struggling with root. remember its not always a good idea to maximize ur screen :wink:

Got a low priv shell, could someone help me with user?

btw box goes down likely due to people running the wrong CVE since there’s one for dos

Spoiler Removed

hint for user:
enumerate… enumerate… enumerate…
don’t brute-force ssh…
for root:
GTFOBins is your friend…
PM me if you need help
YaSsInE

Spoiler Removed

Rooted.

Thanks @jkr for the fun box!

Feel free to PM if you need hints.

Someone’s tip helped me)))

Still stucked with the credentials found/cracked. I have viewed all the files contents within the n*****o directory for additional information/hints but I did not find anything suspicious.

Anyone who can PM for a nudge into the right direction? Thnx

EDIT: Thanks @YaSsInE for the nudge!!

This was fun. Owning user was a bit tricky at first but looking back it was a rather straightforward process.

  • Hint for user: read configs and enumerate
  • Hint for root: read the code and gtfo

Feel free to PM me for help!

Thanks to @YaSsInE rooted it, i understood that i need somehow to stop it… but never thought this way… Funny machine… learned quite a lot from rooting.

Hints for user :
-Once you are in, read the manual. Read it till you find something interesting.

Hints for root :

-The answer is in front of you the moment you get user. I went down a rabbit hole and I can understand why people might overthink it, even despite checking GTFO Bins. You need a little trick not so obvious.

Rooted this box!!

  • Foothold: No hints needed, it’s too easy!
  • User: The first obvious thing you’ll find is probably not what you need; Read the contents of the files in the n****** directory and you’ll get there…
  • Root: Find an obvious file for your way to root. It took me unnesasary time because of a less thing…

Thanks to my fellow countryman @ToneDef :slight_smile:

Rooted! Once the port issues settled down it was a fun box! Thank you @jkr!

Tips:

Foothold: read other comments posted here, enumerate and you are in

User: Ditto, read the manual, understand how things works and are set up this will point you to where you need to go

Root: GTFO Bins and just seeing what is right there is all you need.

General advice: keep it simple, enumerate, read, google, take stock of what you have (often right in front of you).

Rooted :stuck_out_tongue:
For the user you should read a config file and the manual of the service, only the thing that matters.

For root, Swagshop’s root had almost the same approach as this one.

Great box, finally rooted. Learn to remember my ssh toolbox

I’ve found the creds and read the contents of n******* dir but can’t see anything to use. Is it the ht****** section or the ho****** section that I should be looking at? I noticed I can view a private space but no where to use creds.

any nudges from here?

EDIT: I’ve manged to find another interesting dir, the hunt continues :slight_smile:

got user, but needed some help to clear my mind!

Root is troll…but I love it.

Rooted,

Feel free to PM if you need nudges