Craft

Rooted ,DM if u need help :slight_smile:

Got user and root. For root read the documentation and apply it to the obvious .sh file and construct your own command based on the two. Shout out to @nirodha42 who helped me with my obvious stupid mistake with the db to get the additional users.

Rooted. Really fun box! Got stuck on the initial shell but finally got it. Root was all about reading the manual as others have said, I had never heard of the service before but figured it out rather quick.

Pm for hints.

So after three days I was able to get shell thanks to hevr and the many others who helped. Now onward and upwards and more days and days of struggling of figuring out whats next on the menu of pain.

Is it worth trying to exploit CVE-**-4? I was thinking in getting a reverse shell with g hs.

done 1x24 hours. insane box. great job for the author
rooted already. user.txt and root.txt owned
the hardest part on this box is finding the hash for me

need help ? PM me :smiley:

I canā€™t believe I spent so much time working on the payload to gain the initial foothold! My reverse shell kept closing and closing again. It was because I was calling a binary the system obviously didnā€™t have installed. Too much overthinkingā€¦

Can anybody help me?
I got access to gogs with correct user, found some rsa keys, i believe i can get SSH access with them, but even using * ssh - **** - id user @ host i canā€™t connect using ssh -i id-rsa .pub user @ host

ps: iā€™m having problems: sign_and_send_pubkey: signing failed: agent refused operation

am i on the right path?

Type your comment> @emp1 said:

Can anybody help me?
I got access to gogs with correct user, found some rsa keys, i believe i can get SSH access with them, but even using * ssh - **** - id user @ host i canā€™t connect using ssh -i id-rsa .pub user @ host

ps: iā€™m having problems: sign_and_send_pubkey: signing failed: agent refused operation

am i on the right path?

try to not using extension for the rsa :smiley:

can user d****h do regular ssh?

Hey l33ts

On top of previous question i want to ask is login to ssh required to get reverse shell? Or does finding d****h user helps in getting into ssh? There is some ssh information avaliable after login, but im not sure if this can be used in any way.

Thanks for tips in advance!

I have looked at the python, and understand how to call the api but need help escaping the commands. Where can I learn how to escape my input properly?

*Got foothold, ty

Please, any hint for start and enumeration

any nudge to escape from jail?

Is there still anyone on this machine?

removed

Just rooted!

It isnā€™t a hard box, so my main hint is to keep it simple. There are a few rabbit holes, so if you doing anything too complicated, go back to the start. :slight_smile:

For both User and Root, enumeration will get you very close to what you need to do. For root, after check the results of your enumeration, a google search will tell you all you need to know.

A box reset and I solved all my problems.

Nice machine.

Someone please give me a hint on breaking out of the e*** function - Iā€™ve spent long enough on it. Can share what I have. Cheers.