Just finished the box, struggled a little with user at first, root was quite straight forward though.
User: Besides the obvious thing, check the manual and go back to read the c… file . It will tell you what there is to look for (even though you might not be able to discover it easily straight away)
Root: Reminded me a little bit of an otw bandit challenge. Once you found out what can be executed you may want to test it out in a less “restricted” environment.
I can’t think of a better box with such a wonderful narrative no less, to build a strong Linux/GNU foundation. Makes me take a fresh look at some of the commands and utilities I use daily. What an awesome box by @jkr as usual. Thanks!
Initial foothold: too much easy
User: don’t try to bruteforce the pass, bruteforce the key
Root: Simple but tricky… one advice: when you read gtfobins, the most important part is the first line, where it talks about a very small editor.
Initial foothold: too much easy
User: don’t try to bruteforce the pass, bruteforce the key
Root: Simple but tricky… one advice: when you read gtfobins, the most important part is the first line, where it talks about a very small editor.
And also, don’t try to get root with terminal in full screen.
You’ll thank me later
Root was quite easy if you know how the thing works but I don’t get the full screen reference, maybe I did it in a different way.
User was a bit tricky at first because I was barking at the wrong tree, but than I knew that something was there, so I followed the white rabbit to get there. Also I didn’t use the creds, so there must be two ways in. Let’s have a look.
Initial foothold: too much easy
User: don’t try to bruteforce the pass, bruteforce the key
Root: Simple but tricky… one advice: when you read gtfobins, the most important part is the first line, where it talks about a very small editor.
And also, don’t try to get root with terminal in full screen.
You’ll thank me later
Hints:-
User : Enumerate, Read code,get the file and you know what to do with it
And stay away from rabbit holes dont get excited after cracking a credential
Root: GTFOBINS, Read manual and well somethings work when things are smaller.
Everything is right in front of you,open folders,read codes.
if the creds dont work on ssh, there is another option. you should find something in a folder where you can not see anything. maybe the config could help you out?
Howdy all, I have the password for user d, I’ve read n…f and I looked at the docs and found something interesting. I’m in /h…s and getting a Permission denied error for what I’m trying to touch. Any tips?