OpenAdmin

Rooted the intended way, I think this box needs some work though looking at the comments… nice beginner-friendly box though.

Could anyone give me a hint please? I’m having trouble understanding the script. I’m just getting a $ and no command execution. I’m also not sure where to begin with manually doing it.

Thank you for your time.

Edit the script to point to where you want to go

Rooted after roughly 6 hours…
I feel very stupid now :smiley:

Spoiler Removed

Oh man, I got the foothold just don’t know where to look from here. Been just “cd” and "ls -a -l"ing through the filesystem with no luck.

Any nudges from anyone?

Edit: WTH? Just elevated to user but Is ji*** suppose to have user.txt??? There is no file in his home directory. Should I reset?

Anyone that can give me a nudge? I just got to the box and got a low privileged shell.

Any tips? I had www-data and one user account within about 30 minutes of this box launching, and been stuck there since…and have yet to see the user flag. Can anyone who’s rooted PM me to chat real quick? I can’t be far.

rooted the intended way. pm for hints.

Spoiler Removed

@TazWake sorry I was cryptic, I have www-data AND another user. But apparently that’s not enough. I got SSH access already. Thank you!

PM for nuggets

got the shell but need some help for the user

Rooted intended way, user and root. Great box for beginners, enumeration and a keen eye is required.

Thanks to @conan for the nudge for user.

PM for hints.

Initial: What vulnerable version is running?
User 1: How should you systematically search for enumerated details?
User 2: Is the strange directory accessible elsewhere?

Root: GTFObins

Very easy machine
User

  • CVE
  • Follow the trail of breadcrumbs
  • crack and done
    Root
  • did you remember that useless file?

wonder what the unintended route was. 11 min first blood… dang!

Got initial shell … traversed around with ls and cat. I found a couple of config files but only managed to get my*** credentials… but other than that I’m stuck. Anyone can give me a nudge? Thanks.

@wazKoo Yeah me too!

Type your comment> @idomino said:

rooted the intended way now as well, it was a fun easy box, now another week wait for a new one :frowning:

Well done, ■■■■ your quick ?