OpenAdmin

already on shell, but can’t acces directories with cd

Rooted, that was actually a pretty fun box. User was a bit more complicated than root.
foothold: /
user: if you find a pw try it, then do some curls
root: GTFO

i dont know where everybody found vulnerable version, ran directory searching found si*** , mu***, and ar***** but none is using any technology

yea… idk … I’ve read every line of every file you can get to in the www dir… there is no creds to be found.

and rooted!

Love this box, 99% user with a little initial foothold and a sharp root.

HMU for help!

Im interested in the unintended way to get root that is mentioned in some of the comments. A PM is very much appreciated.

Really nice box ! I’m available for hints in PM if needed :slight_smile:

Spoiler Removed

@IamKsNoob I Pmed you

Rooted, but I would also like to know the unintended way. User was fun, but root was way too easy. Feel free to DM if you need a hint!

Rooted, nice and fun box.

ISSUES:

  • I didn’t find needed service page at first
  • The exploit didn’t work because I did not pay attention at the arguments parsed

LESSONS LEARNED:

  • Try different wordlists while directory bruteforcing a webapp or pay attention to machine name, maybe you can find the service’s opensource page
  • Pay more attention to small things, re-check everything is in place when you are sure the exploit is meant to work

Although I do not really enjoy ctf like boxes, this was pretty enjoyable.

Type your comment> @5h1v4 said:

Msf doesn’t work? any leads?

Personally msf works for me, but if you have problems with it then try something else.

Nice and easy machine. Feel free to pm for a nudge

Overall a goof box for beginners. Got somewhat annoyed by slowness and other users breaking stuff. Spent a lot of time on a few brutes that should take seconds but took several minutes. Good that the uninteded root was fixed.

Foothold: stands out in enumeration, for me, took 30min to show up.
User1: Enumerate and find something which is usable because users are lazy
User2: Easy enumeration. You dont always have to follow rules already written
Root: hard to give a hint. Quite common in HTB.

Cryptic enough?

For anyone asking about the unintended method, I didn’t do it myself but I understand that the root flag was mistakenly copied into a world readable file. This has since been patched

I just realized I got the root flag pretty early using the unintended method, but only tried to apply it to the user flag, which didn’t work. Saved it in my notes and kept working…thinking it was an old artifact. Ended up rooting it the intended way. Plenty of tips here, but if you are stuck feel free to msg me.

Rooted. Very easy box.

Rooted in 30m, really easy and funny box.
dm for nudge.

Type your comment> @clubby789 said:

For anyone asking about the unintended method, I didn’t do it myself but I understand that the root flag was mistakenly copied into a world readable file. This has since been patched

Yes, it was. I found it within 10-15 minutes or so once the us-free-1 server came up and was like WTF lazy ■■■ person before me left this here. Only to find out after every reset it was still there! I cleaned it up on my server.

They patched it pretty quick, but not fast enough to take the sting out of the 11 minute root. :frowning:

Just finished this! Foothold and the two users took two hours, root took less than a minute!

Thank you for the box, the user part was super enjoyable! Feel free to PM for hints!