Resolute

Think someone have tried to be funny and change the password…

Easiest user I’ve ever done.

@extincted said:
Think someone have tried to be funny and change the password…

Think more about what you’ve seen, and what it indicates about the system.

edit: solved. removing initial post.

user.txt
so easy

Is ke**********g the way to go?

Type your comment> @Ma1ware said:

Is ke**********g the way to go?

No need for that, at least for user

HI guys, can you please give me a hint on where to go to get user on resolute, I tried searching for exploits on the services that nmap found, but nothing worked.
Thanks

I may have spotted the root vulnerability, could be a rabbit hole

I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?

Type your comment> @tang0 said:

I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?

No. try harder

Type your comment> @tang0 said:

I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?

Check the output from your enumeration process line by line. Since you have the usernames, I guess you probably didn’t see it, due to some error messages.

Got into user 2, the hint makes it sound difficult.
Edit: On the edge of root now, interesting vuln.

Built my root payload, now to get it executed right

hey guys ! So I got access to rp******* with the creds. But I don’t know what to do from here can you please give me a hint?
Thanks

So I have the right creds for the first user, but it’s been an hour I search, and I find nothing interesting in the S** shares. Do you have a hint ? :frowning:

Edit : I’m dumb, I do not did a full scan so I didn’t saw the high port.

is r*** needed to get root?

Very nice box, its all about enumeration , and for root a little bit of googling if you are not familiar with technique

Spoiler Removed

root has such a cool exploitation process, just read carefully the blog after you get your root foothold.

I really enjoyed it @egre55 , thank you!

If you guys need nudges, PM me, but please don’t come with messages like “Are these credentials valid?” , because I won’t respond to these type of questions anymore.

Rooted. Thanks to everyone who helped me push past the problems with root, pretty frustrating but finally got it.
User: Easiest user ever, just read the output carefully
Root: A bit CTF-y but enumerate everything, once you find the folder switch over and find out more about who you are now. Google will then take you the rest of the way.