Mango

Any nudge to get root?

@sko said:
Any nudge to get root?

Getting root is just basic enumeration. LinEnum should be able to help you out in that regard.

As other comments have noted, user is harder than root for this one. I did not have any luck making the changes I needed to the python script others used to enumerate the users, but I speak some French and was able to use a blog post on the subject to good effect in enumerating them using Burp repeater and intruder. Even after getting the usernames and passwords in Burp, I couldn’t figure out how to modify that python script, though.

Update: With knowledge of the passwords from semi-manually enumerating them in Burp, I was able to get the a**** password with the python script. I still that that route is more difficult and time-consuming than understanding the exploit and using Burp, though.

Had a hard time with this one. Thanks @MrR3boot - you should have called this box yinyan, because I equally love and hate you now :wink:

Foothold was hard for me but learned a lot. Thanks for @H4ck3d5p4c3 for giving me a push. Root was straight forward
Very nice machine @MrR3boot

Type your comment

Really fun box, thanks @MrR3boot .

I wasn’t able to priv esc to root, but I was able to get the flag… anyone care to pm me on if priv esc is possible?

nevermind, stupid stupid, got it! Awesome box!

Stuck at the login page.
Can anyone give me a hint ?

Also stuck at login page - can anyone drop me a hint to some creds?
I’m assuming that brute is the right way but haven’t found any ideas (have used box name, tls info, etc.)

Can anyone give me a nudge on getting root here. Found there is something at js in jm. I can write something using that SUID. A small nudge will be appreciated thanks.

Owned the root. But using the GTFOBINS to view the shadow file was not working. What I did is written a key and got access. Anyone who saw the shadow file before root, let me know.

I got the “maintenance” thing but still stuck luck a muck. Can anyone give some hints?

I am stuck at the login page. Can someone give me a hint via DM?

Guys need help from user 1 to user 2?
Any clues

Type your comment> @oneoftheevil said:

I am stuck at the login page. Can someone give me a hint via DM?

same here

am i supposed to be able to run a -l command once i have user because i cant and i dont see anythin interseting anywhere.

finally was able to get both flags :-0
nice box! very educational!

if someone knows of a way of rooting the box (not just getting the flag), would you please DM me?

Type your comment> @galimba said:

if someone knows of a way of rooting the box (not just getting the flag), would you please DM me?

Write instead read.

Just finished! A lot of people say they don’t like the initial foothold, but I enjoyed it.
Pm for hints.