I loved this box! It’s really realistic and takes a bit of time to look through to gather the required parts needed to own.
User 1:
Finding the first user requires a bit of enumeration in order to find more information about the LP setup, including users. There is a tool you can use to help with this. e4***x is helpful and so is search tool (think what kind of box this is) that has been shown by ippsec. I personally used the latter to find my information, but both tools will work.
Maybe you found a note left by a lazy sysadmin, is it good? Maybe it’s for another user? Take the information you know from either of the above tools to find users that you can check to see if the note works on them too. There is a tool, again recently shown by ippsec, that makes this super easy.
Then you have to be evil and use what you now know to exploit a service running on the box to get a shell.
User 2:
This was a bit of a problem for me and it shouldn’t have. Being a Linux guy myself, I always use the -a flag when doing a directory listing. Maybe something like this will help in the root directory? If you find something that looks interesting, keep looking and you will find a file that will contain some magic information.
Again, be evil and use what you know to get a shell.
Root
I spent too much time on this when I had it all along. I knew from my nmap scan a service on a low port running, but couldn’t find information on the box. I was trying to see who I was, but I wasn’t seeing all of that information. Due to this, I wasn’t seeing everything I needed to. Once I did that, I saw I was privileged to manage a service on the box.
Sharped your Google Fu and look around for a known way to use this privilege to get SYSTEM. It’s actually pretty easy. Host a certain file, manage the service in your shell, listen and you might get what you’re looking for.
C:\Users\Administrator\Desktop>whoami && hostname && ipconfig
whoami && hostname && ipconfig
nt authority\system
Resolute