OpenAdmin

Hi, found a p***.s*** file with a kind of hash in it. Is it useful to get to user2?

@kalagan76 said:

Hi, found a p***.s*** file with a kind of hash in it. Is it useful to get to user2?

I am currently at the point you are. Try breaking the hash and look at what that webpage actually does. The one in the i****l folder. Not sure where to go from there though, I'm working on it.

@Sup3rUs3r said:

Comrades, I am a user with low privileges. I don’t understand how to find the password for user1. Help me please.

ls and cat.

Very easy box

Spoiler Removed

Awesome box, thanks @dmw0ng. This box was a lot of fun to own.

Rooted!
Some clues:
user: enumerate. enumerate a lot. yeah, there are a lot of rabbit holes, but you’ll handle it.
root: simple priv esc. if you got the user, you are able to get the root. if not - try to use gtfobins)
anyway, if you have any trouble, PM me!!)

Anyone want to help me with script.sh? It always displays a $ sign. Am I doing something wrong?

@khalid said:

Hello guys,
now I managed to get the second user, and I’m trying to get root.
When I try to run the SU** -* command it gives me this error:
****: PERM_ROOT: setresuid(0 , -1 , -1): Operation not permitted
****: unable to initialize policy plugin
Any idea?
Please help.

Same here, can someone give a nudge on root user?

@fooforce said:

Anyone want to help me with script.sh? It always displays a $ sign. Am I doing something wrong?

If the script does not work, try running the commands line by line in a terminal.

Don’t be fooled by the $ sign though. It’s not a shell you get when it works, more of a remote command execution.

Hey guys, I am pretty stuck atm. I get a user2-shell by putting something somewhere and calling it. But it’s unprivileged and there is no way to alter it. So the interesting commands don’t work. I tried many payloads I know and from msfv.

Others point towards the thing you get from somewhere, which I processed the usual way but it keeps asking for another password. Afaik that means it didn’t really work.

Can you give me a hint?

Rooted! Very good box. I have learned a lot. The hints here are more than enough for you to solve it. However, you have to feel pain along the way; it is the best way for learning. :slight_smile:

@RaNa said:

@khalid said:

(Quote)
Same here, can someone give a nudge on root user?

Which user are you running as?

Been stuck for the past few hours on getting the second user. So I am currently in j**** trying to get access to ja. Found the interesting thing in the il folder w/ the i**.p* files. I think I understand what those files are supposed to be doing but I do not understand how to make use of them. Found the password in one but haven’t made any progress since then.

@3ken45 said:

@RaNa said:

@khalid said:

(Quote)
Same here, can someone give a nudge on root user?

Which user are you running as?

j****a

@RaNa said:

@3ken45 said:

(Quote)
j****a

Then you are on the right user, and it should work…

Try resetting the machine. Also check the uid of the users in passwd to ensure no one tampered with that file.

Rooted! Definitely helps if you don’t stay in a reverse shell for user2. Thanks @IvanGlinkin for the hint!

@Nebr0s said:

Hey guys, I am pretty stuck atm. I get a user2-shell by putting something somewhere and calling it. But it’s unprivileged and there is no way to alter it. So the interesting commands don’t work. I tried many payloads I know and from msfv.

Others point towards the thing you get from somewhere, which I processed the usual way but it keeps asking for another password. Afaik that means it didn’t really work.

Can you give me a hint?

I kind of answered that question myself :wink:

Thanks for the box!

Rooted.
Foothold definitely takes more than the rest, but once you get in everything is very straightforward.
As a side note: many of the difficulties I encountered were due to the stains of sticky fingers left here and there by others…
Please, remove your own artifacts from the boxes once you’re done, and avoid messing up the actual files, thanks!

Need help with the curl part, currently stuck with i**l as j*y.

Disregard, I figured it out. :stuck_out_tongue: