AI

Rooted. This box is pain

Just rooted it, WOW this box was fire :smiley:

Rooted!
Nice work from @mRr3b00t .
I got user with a famous “female” voice :slight_smile:
User is pretty straightforward if you don’t overthink.
For root…I got totally stuck into the m*t user waterhole because of its U (and a known exploit related to that U).
Then I realized there is something going on periodically…and we got the shell!
Cheers

it’s weird I got outputs
can I use base64 in this box to get shell ?

I have tried a lot of t…s and some words aren’t understood… I know the attack on the user but not all ■■■■ words are being understand by AI

■■■■ this box. I fucking hate it. I said fucking comma motherfucker not “come out” or any fucking variation of such.

So, does anyone know how to make machine understand queries correctly and not give “but i’m single” “select few” “err err” instead of actual words? I am using tts org with male voice. I am trying to add spaces to make ai read words relatively distinctly, but always get stuff from above, i can’t even get what condition make it happen.

EDIT: finally found site (sadly, not local tool) which, most of time, works. You can PM me for this site, i always get spoiler removed when posting tools in mrreboot machine’s forums.

Done. Finally.

it’s wired I got this uid=4294967294 gid=1000(a***) groups=1000(a***)

I got this sudo: unknown uid 4294967294: who are you? any hint

nice box I learned a lot of this box thanks MrR3boot

Root was a literal pain. Couldnt get exploit to work, ended up doing everything manually.
Gotta say, this machine was fun and not fun at the same time. Made me wanna cry a few times, but at the end it feels good to finish it.
Well done @MrR3boot !

Rooted. I got a root shell, and I used the exact same syntax to obtain it about ~13-14 times over. I reset the box twice. Super unreliable and not sure how to MAKE IT reliable. I didn’t change my methods for running anything the entire time. Did the same process over a dozen times and it just happened to work once.

Not really sure what was going on here, but not even going to bother investigating. This box was a huge pain in the ■■■ for me.

If I can show you my syntax @MrR3boot maybe you can better explain what I was doing wrong and/or what was causing it to be so unpredictable?

Thanks for the machine, regardless. Always a learning experience.

Edit: @MrR3boot has now verified what was causing this issue, and I’ve fixed it accordingly. For those of you running into a similar issue as myself, learn more about the service and specific aspects of it that your script may be utilizing. This is the part that stumped me!

I liked the user part, it was an original idea and an unusual task for a hacker. There were bad and good moments while I struggle to find a proper tts, but finally I managed to find an online service which “solved” my problem.

This was my second host that was made by MrR3boot, and noticed that he like to leave his signature. And it is only a signature and it is not the key to the vulnerability. I think I understand the joke (or fine irony?) behind “sudo”, which is very often solution for privilege escalation in this site.

Root part was interesting but contained uncertainty. I was lucky because my third attempt - including the same command - was successful.

Type your comment> @bumika said:

Root part was interesting but contained uncertainty. I was lucky because my third attempt - including the same command - was successful.

I read the article and now I have managed to stabilize my privilege escalation process.

Just send PM if you are interested in.

@farbs said:
Rooted. I got a root shell, and I used the exact same syntax to obtain it about ~13-14 times over. I reset the box twice. Super unreliable and not sure how to MAKE IT reliable. I didn’t change my methods for running anything the entire time. Did the same process over a dozen times and it just happened to work once.

Not really sure what was going on here, but not even going to bother investigating. This box was a huge pain in the ■■■ for me.

If I can show you my syntax @MrR3boot maybe you can better explain what I was doing wrong and/or what was causing it to be so unpredictable?

Thanks for the machine, regardless. Always a learning experience.

Please DM

Very satisfying, awesome box! Thanks

Getting user was hair-pullingly tiresome at first, the only (seemingly) working service was some online-only generator. Thanks to a hint from another User (Kudos to you again ) I found out about some neat Linux offline tool which allowed me to create different samples quite fast. With little bit of tinkering here and there I managed to find creds. Try the usual stuff first, and you won’t need to go far.

Really enjoyed the root process, learned quite a few new things.
Do thorough enumeration (there are probably 2-3 different standard enum scripts one should always run anyways) and you will discover it. Google if you are not familiar with the found processes. Also, , don’t let some errors discourage you, try again :wink:

OK I have to throw in the towel and ask for some help.

I’ve posted hundreds of WAVs to this thing and 90% of the time the request just times out. I’ve used all the terms on the smart page, used the hinted at online tts along with several others, local tools, and recording myself. I’ve tried 8 and 16 bit WAVs; 16bit always just time out, while 8bit occasionally make it through but almost always don’t attempt interpretation or search.

Out of all the requests I’ve sent, one set of a few random words did trigger interpretation, but even with the same file on subsequent requests, I get nothing back. Not sure how that’s even possible.

After confirming I was doing the exact thing another user was on discord, they sent me a file that worked for them, which when I upload doesn’t trigger any audio interpretation or a search, much less an error or more. Sending a fake, empty .wav file triggers the interpretation and search with blank results, but any actual audio at all times out 90% of the time or 200s the POST without showing the search response at all.

DMs welcome, any thoughts on what I could change in this process would rock. Thanks!

Spoiler Removed

Spoiler, really? - my bad.