OpenAdmin

PM for nuggets

got the shell but need some help for the user

Rooted intended way, user and root. Great box for beginners, enumeration and a keen eye is required.

Thanks to @conan for the nudge for user.

PM for hints.

Initial: What vulnerable version is running?
User 1: How should you systematically search for enumerated details?
User 2: Is the strange directory accessible elsewhere?

Root: GTFObins

Very easy machine
User

  • CVE
  • Follow the trail of breadcrumbs
  • crack and done
    Root
  • did you remember that useless file?

wonder what the unintended route was. 11 min first blood… dang!

Got initial shell … traversed around with ls and cat. I found a couple of config files but only managed to get my*** credentials… but other than that I’m stuck. Anyone can give me a nudge? Thanks.

@wazKoo Yeah me too!

Type your comment> @idomino said:

rooted the intended way now as well, it was a fun easy box, now another week wait for a new one :frowning:

Well done, ■■■■ your quick ?

How are y’all rooting this in 11min… yikes… i’m nearly an hour in and my nmap scan isn’t done…

I found the initial foothold… can someone PM how the heck it’s supposed to work? Just keeps giving me a $ sign and no shell. idk.

already on shell, but can’t acces directories with cd

Rooted, that was actually a pretty fun box. User was a bit more complicated than root.
foothold: /
user: if you find a pw try it, then do some curls
root: GTFO

i dont know where everybody found vulnerable version, ran directory searching found si*** , mu***, and ar***** but none is using any technology

yea… idk … I’ve read every line of every file you can get to in the www dir… there is no creds to be found.

and rooted!

Love this box, 99% user with a little initial foothold and a sharp root.

HMU for help!

Im interested in the unintended way to get root that is mentioned in some of the comments. A PM is very much appreciated.

Really nice box ! I’m available for hints in PM if needed :slight_smile:

Spoiler Removed

@IamKsNoob I Pmed you