I think this is my first medium box, was pretty fun, especially user flag.
This one forced me to get away from my usual approaches which IMO is a good thing.
Some hints:
foothold: you’re told what to find, you can find it with simple tools
user: you’re given everything upfront, read it and research/understand each line, it’s a puzzle worth solving
root: Few ways here… one simple way is to do something twice
Can anyone please give me a helping hand with user? I have the pieces of the puzzle, but the glue, or the key rather, that holds them together still seems off. It’s soooo close but just not getting the proper o**.txt after getting it. I think I’m off by just a few characters. Help would be much appreciated.
Rooted !!!
Really really fun box, it required some understanding of python, which is simply
This box takes you away from usual approaches to owning which I really liked.
Some HINTS:
Foothold: The page says it all, you have got the file to grab and also the directory told by them. Honestly can be grabbed manually (no fuzzing needed).
User: Simple yet interesting cracking of script, just understand what it’s doing and reverse it. Everything is given on a silver plate inside the home.
Root: Read the code carefully and exploit the vulnerability of SLEEPING rabbit once it stored the important file at some location. Do basic scripting to capture that, since we humans are not that fast, but scripts are.
Nice box, got me building some cool scripts I haven’t had to do before, even if I didn’t use them.
Foothold was really basic, you could guess the directory or use a fuzz to find it. I’ve personally used this sort of directory before when starting a project.
User: Pretty simple once you find the files. I wrote a brute force script and let it run for 30 mins on a huge wordlist and found nothing. Reversing the script was so much easier and it took less than a second of compute time to find it.
Root: again really easy. Read that script you found and figure out how you can exploit it to find what you need. Took one google search and less than 5mins to get it working.
I thought that was a super fun box, I enjoyed every step
user: If you understand what it’s doing, you don’t even need to write a line of code to reverse it
That’s seriously the best hint I’ve seen. Not on this box, like ever. Spared me so much time and at the same time not even revealing anything you don’t “know” already. Thanks!
@clubby789 PM’d to make sure rooted the intended way. Feels it’s still an unintended
As a total newbie I just want to give some thumbs up to all the people helping out. I cannot find the directory though. If someone can give me a nudge that would be great. Learned a lot from the failures though.
Can someone lend a hand for root? I am writing something to catch what is needed but it isn’t working (my python is not so great). Please PM me if you can help.
EDIT: Thank you @Hilbert
root@obscure:~# id
id
uid=0(root) gid=0(root) groups=0(root)
Hey guys, I’ve got user, but stuck at root. It seems I need to execute B***H.py, but when that script runs, it borks as it can’t access the shadow file. It seems it should run with a +s flag, but I guess I’m in a rabbit hole. Any help would be appreciated.
UPDATE:
I solved it. Turns out there’s a way you can list a user’s abilities to run as root.
foothold: ffuf is a great tool! If you already went through your dir dictionary several times, maybe focus on files; the hint is dead on. Read the code, play with it in your local, debug it, if it looks weird follow your instinct.
user: breaking crypto is way easier if you understand the encryption/decryption functions and have some examples lying around
root: your enum scripts should catch this one, and you might already have seen it while on your initial foothold. Racing against the clock works best when you’re faster and watch closely.