Traverxec

.

Type your comment> @Franna said:

ROOTED.
fun box.

Hints,
Foothold: Can’t use me********? Try doing it manually
Root: GTFOBINS is your friend. NOTHING TO DO WITH RESOLUTION OR SCREEN SIZE AT ALL.

Feel free to PM for a nudge,

not if you use i3 desktop…size matters

Unable to get past the n*d.c file. Read man, read the file. Please help :frowning:

Finally, got the user flag. Puh, so much to learn.
Even copy text in putty is a challange. :smiley:

I’ve got the user private key but I can’t decrypt the passphrase to use it. Can someone give me a hint on this ?

Type your comment> @RaoulDuke said:

I’ve got the user private key but I can’t decrypt the passphrase to use it. Can someone give me a hint on this ?

John worked for me. Got to make the hash first with a .py script.

Type your comment> @Lexxie said:

Type your comment> @RaoulDuke said:

I’ve got the user private key but I can’t decrypt the passphrase to use it. Can someone give me a hint on this ?

John worked for me. Got to make the hash first with a .py script.

Thanks I was using the wrong srcipt now I’m on my way for the root.

Did anyone got the file via web or also only with gussing on cli?

Type your comment> @cpc6128 said:

Did anyone got the file via web or also only with gussing on cli?

You’ll get something via web… before that you need to look carefully and read any configs you find after you get the initial shell.

Rooted.

just rooted! some hints
user: as someone said, if you can’t see it, it doesn’t meant that it doens’t exist
root: if it works, go small :slight_smile:

I was able to solve on i3-gaps with 3440x1440.

Resolution isn’t the only way to skin this cat. :wink:

this box is trash. it only took me like 5 minutes to figure out the initial shell foothold but it’s so unstable and crashing every 2 minutes and half the time port 80 just doesn’t even show up or respond.
i’ve wasted literally hours just trying to keep the shell open long enough to actually do anything.

@jkr is this intentional? it’s so frustrating

@dr0ctag0n its not intended. There is a HTTP dos vulnerability on it that people love to try by some wierd reasons!

Type your comment> @stoffern said:

@dr0ctag0n its not intended. There is a HTTP dos vulnerability on it that people love to try by some wierd reasons!

the server was not booted at all in the VIP labs, i just booted it fresh after waiting several days since release and it’s still doing that. Tried using the initial shell to save a binary shell and run it and it still stops responding after a few mins. :confused:

got user password cracked… but its not working when i ssh?!!

Spoiler Removed

Epic box :^)

Thanks @w4x for nudges

root@traverxec:# id
uid=0(root) gid=0(root) groups=0(root)

Was anyone able to get a shell on the box without using the common tool for automating things like this? send me a message if you have a way please.

Edit: Please ignore. I am an idiot and never thought to read the source code in this tool.