AI

I don’t get it.

I ran directory scanning, found u*****s error 301.

2 minutes later, I get only 403 for same directory.

Can someone clarify me?

EDIT: Nvm, Im stupid.

@twypsy said:

You can either record the word yourself, or replace the R with “her”.
had to throw a co**a in there to separate the R part there but thanks for that tip, really helped.

This root is really kicking me. I suppose more google might do the job but does it have something to do with the cat?

Really liked the root part =) thanks for the box @MrR3boot!

@crankyyash said:
Everyone is saying to understand the exploit to root but I have no background on that stuff. Reading the entire code or even the explanation gave me a headache. Can anyone pm me to help me understand it better?

Edit : rooted. Don’t be single-minded in root process. Once you confirm the exploit is working, there are too many ways to root. I felt so stupid when someone told me about it.
Thanks @Icyb3r @0PT1MUS @N7E for the hints
Thanks @MrR3boot for the box. Cool idea

@v01t4ic said:
Really liked the root part =) thanks for the box @MrR3boot!

Glad that you had fun :slight_smile:

USER/GROUP

[-] Current user/group info:
uid=4000000000(mrr3boot) gid=1001(mrr3boot) groups=1001(mrr3boot)

Type your comment> @jvlavl said:

USER/GROUP

[-] Current user/group info:
uid=4000000000(mrr3boot) gid=1001(mrr3boot) groups=1001(mrr3boot)
You are chasing rabbits

hi… could someone help me with with the wav-generation…
i tried A LOT onlinetools, gtts,…
and the sugested “celebrated” fe…al-tts seems nothing better…
i changed its t…2…e-tool’s voice to almost every northamerican there is… :wink:
what am i doing wrong?

Can anyone help me with generating right wav? Try different tts services, but no result and also can’t understand is my query right or not for exploitation? Please, write me via PM

Type your comment> @brueh said:

hi… could someone help me with with the wav-generation…
i tried A LOT onlinetools, gtts,…
and the sugested “celebrated” fe…al-tts seems nothing better…
i changed its t…2…e-tool’s voice to almost every northamerican there is… :wink:
what am i doing wrong?

If you have access to a Windows box, desktop dave might help.

That was easy and fast to get user.

root@kali:~/Downloads# ls speech*
‘speech(10).wav’ ‘speech(15).wav’ ‘speech(1).wav’ ‘speech(24).wav’ ‘speech(29).wav’ ‘speech(33).wav’ ‘speech(38).wav’ ‘speech(42).wav’ ‘speech(47).wav’ ‘speech(6).wav’
‘speech(11).wav’ ‘speech(16).wav’ ‘speech(20).wav’ ‘speech(25).wav’ ‘speech(2).wav’ ‘speech(34).wav’ ‘speech(39).wav’ ‘speech(43).wav’ ‘speech(48).wav’ ‘speech(7).wav’
‘speech(12).wav’ ‘speech(17).wav’ ‘speech(21).wav’ ‘speech(26).wav’ ‘speech(30).wav’ ‘speech(35).wav’ ‘speech(3).wav’ ‘speech(44).wav’ ‘speech(49).wav’ ‘speech(8).wav’
‘speech(13).wav’ ‘speech(18).wav’ ‘speech(22).wav’ ‘speech(27).wav’ ‘speech(31).wav’ ‘speech(36).wav’ ‘speech(40).wav’ ‘speech(45).wav’ ‘speech(4).wav’ ‘speech(9).wav’
‘speech(14).wav’ ‘speech(19).wav’ ‘speech(23).wav’ ‘speech(28).wav’ ‘speech(32).wav’ ‘speech(37).wav’ ‘speech(41).wav’ ‘speech(46).wav’ ‘speech(5).wav’ speech.wav

Edit: Could not get root shell. Got root-flag, but ran out of ideas for shell. PM me if you wish to tell me how you got root-shell.

need help with generate correct wav file, please PM me.

Rooted, it was very funny…

Thanks for this machine @MrR3boot

Feel free to PM me for hints (user / root)

WTF this box

The initial part was too much hard for me

My English pronunciation is not good so Is necessary use a TTS service

My hints:
user: everything is here. Try to make a query “easy”

root: just enumerate as usual and get some research. The exploit isn’t stable so, keep trying until you get your flag

Mr robot’s boxes always suck. This one is no exception.

I have found the error and are working on generating the query. My tool for this seems to be quite unreliable. Can anyone help me in the right direction? i am running osx and kali, not windows :wink: pls PM if you know of any better tools than g…-c…

Can anyone please dm me a decent TTS tool?

Rooted.

$ nc -nlvp 1234
listening on [any] 1234 …
connect to [10.10.14.46] from (UNKNOWN) [10.10.10.163] 51680
id
uid=0(root) gid=0(root) groups=0(root)

User: Spend more time trying to get a good TTS + voice combo rather than forcing a bad one to work. I burned too many hours on default… Once you have that, the actual attack just requires looking in some well-known/guessable spots.

Root: As others have said, do some meticulous enumeration. Read the background on how the exploit works.

Happy to nudge people in the right direction!

Rooted
I was very interesting

Was the machine changed? Even after reset, a certain port related to killing a cat is closed?