Traverxec

Type your comment> @saminskip said:

Just update/upgrade kali.

Using Parrot and it’s updated still a no show. /shrug guess I just have to wait lol.
Used the non meta version anyway and got a foothold + but just curious about the lack of the search result.

Rooted! A great thanks to @JuicyyCandy.
I feel so stupid now…

Pretty easy but really funny.
And of course, learnt a new thing :slight_smile:

Rooted!

Easy/Fun box

User: It’s quite simple but could be confusing, John is always your friend, man is also your friend.
Root: Very simple. GTFO Bins

PM me if you are confused

Rooted! :smiley:


# id
uid=0(root) gid=0(root) groups=0(root)
# whoami
root

I’m not sure if this was really easy, or I’m just getting better, but this was my quickest box to root so far. Less than 12 hours total :smiley:

Pretty much everything has already been said as far as hints go for both user and root, but feel free to PM me if you need a nudge.

Type your comment> @frod said:

Root: I’m not sure what I’m looking for. The s****-s**.sh seems interesting in particular one line. GT***s to gain root access or there’s a whole game of symlinking ahead?
PM me please

PM me bro

So I’ve hit a wall. I cracked the user password for the web app but I don’t know how to authenticate with them. Need some help to figure out what I’m missing here.

ROOTED…!!! Learnt something new…!! Phew… Need a break… haha :slight_smile:

Hate to ask for help at this point as I know I’m so close to getting user, but I’m hitting a wall. I’ve pulled what lies in the place you don’t expect, but it’s still asking for a password.

A nudge would be greatly appreciated!

Rooted! Great box, really informative!

As usual, pm for hints/tips or help.

And if you used the creds, hit me up with how. I didn’t need them in the end but I’m curious

Type your comment> @PrivacyMonk3y said:

My meta doesn’t allow me to search for the n******o exploit.
Is there a way for me to update the database or something to include it?
Some of you are claiming it’s in your db.

Update meta

I am having trouble in cracking the hash. I know its in m*5 format and salt$hash. But cant crack. plz help

Rooted! Fun machine. Looking back on it, I made it harder than it needed to be.

PM for hints/tips or help. Thanks to @olsv for the nudge.

For those who are stuck in either user or root. Here are some Hints!

User: look closely at the configuration file and search all directories…

Root: look at the script running with what privilege… try to understand what is that binary used for and how to exploit it. GTFOBINS is very useful … check it out. Remember you do not need output but only need input from the binary command. Cheers.

If these hints were helpful pls gimme respect too. thanx

rooted finaly thx to @Shad0wQu35t and @Hilbert

Got user.

Know what to exploit for root, yet don’t know-how.

Type your comment> @Ma1ware said:

Got user.

Know what to exploit for root, yet don’t know-how.

new terminal not full screen.

Rooted!
Will be busy so won’t be able to answer you guys, sorry! But I will surely mention the hints which nobody told and were helpful:

FOOTHOLD: Straightforward public exploit

USER: Look at the conf file. What is the thing mentioned there which is only one for a user but two are mentioned. There you go!

ROOT: It was soooo fun! As everybody said, GTFO is useful. I don’t know what others are talking about related to screen resolution. Just remember one thing, you can copy the script and edit it as per your need.

Finally rooted the box. I can’t believe that it took me this long to figure out the hidden directory. After that, it wasn’t all that difficult. Plenty of good hints here. Thx ppl. If you need help, let me know.

Can I maybe get som help on how to get user? I have the creds, I know the directory where they are located and also the conf. I just don’t know what do do with it.