OpenAdmin

Anyone that can give me a nudge? I just got to the box and got a low privileged shell.

Any tips? I had www-data and one user account within about 30 minutes of this box launching, and been stuck there since…and have yet to see the user flag. Can anyone who’s rooted PM me to chat real quick? I can’t be far.

rooted the intended way. pm for hints.

Spoiler Removed

@TazWake sorry I was cryptic, I have www-data AND another user. But apparently that’s not enough. I got SSH access already. Thank you!

PM for nuggets

got the shell but need some help for the user

Rooted intended way, user and root. Great box for beginners, enumeration and a keen eye is required.

Thanks to @conan for the nudge for user.

PM for hints.

Initial: What vulnerable version is running?
User 1: How should you systematically search for enumerated details?
User 2: Is the strange directory accessible elsewhere?

Root: GTFObins

Very easy machine
User

  • CVE
  • Follow the trail of breadcrumbs
  • crack and done
    Root
  • did you remember that useless file?

wonder what the unintended route was. 11 min first blood… dang!

Got initial shell … traversed around with ls and cat. I found a couple of config files but only managed to get my*** credentials… but other than that I’m stuck. Anyone can give me a nudge? Thanks.

@wazKoo Yeah me too!

Type your comment> @idomino said:

rooted the intended way now as well, it was a fun easy box, now another week wait for a new one :frowning:

Well done, ■■■■ your quick ?

How are y’all rooting this in 11min… yikes… i’m nearly an hour in and my nmap scan isn’t done…

I found the initial foothold… can someone PM how the heck it’s supposed to work? Just keeps giving me a $ sign and no shell. idk.

already on shell, but can’t acces directories with cd

Rooted, that was actually a pretty fun box. User was a bit more complicated than root.
foothold: /
user: if you find a pw try it, then do some curls
root: GTFO

i dont know where everybody found vulnerable version, ran directory searching found si*** , mu***, and ar***** but none is using any technology

yea… idk … I’ve read every line of every file you can get to in the www dir… there is no creds to be found.