Traverxec

I’ve held off for a few days now…looking for a little push in the right direction. I have read this entire thread multiple times and I am still stuck with a certain “private space”. Someone mind shooting me a message so we can discuss?

Rooted!

DM me if you need a hint :wink:

Hey ! I managed to crack the password with john and I found the interesting backup files, but no way to unlock the private key with the md5 password. I may missed something, hints are welcome

Type your comment> @OddRabbit said:

Just rooted.

That last part was kind of weird in order to trigger the command right. I still have a question as to the permissions in the last part though; why do I have to copy the *.sh file in order to actually write to it even though it is owned by the user david and writable for that owner?

Please do not hesitate to message me for any hints. :slight_smile:

Edit: Don’t worry its because of the sudoers file.

Could you explain more in PM ? :smile:

Type your comment> @DonDon69 said:

Hey ! I managed to crack the password with john and I found the interesting backup files, but no way to unlock the private key with the md5 password. I may missed something, hints are welcome

Good Old RTFM :slight_smile: - Do it, really… do it!

rooted! I definitely had a few facepalm moments here. Shoot me a msg if you need a little push in the right direction!

urg been banging my head against a brick wall for hours now, ive tried all sorts of things for root but cant make headway, any nudges ? please!

Hi i managed to crack the password which is Ne for dd, but i try to ssh in, password is wrong and I tried to enter the 10.10.10.165/~/d***d , got nothing , how do I get to user i am low privilegde , any nudge?

Type your comment> @pentester94 said:

Hi i managed to crack the password which is Ne for dd, but i try to ssh in, password is wrong and I tried to enter the 10.10.10.165/~/d***d , got nothing , how do I get to user i am low privilegde , any nudge?

You have an error in your URL-Syntax. You are on the right path. There is an additional paremeter set that might be of interest to you.

@Gizmet said:
urg been banging my head against a brick wall for hours now, ive tried all sorts of things for root but cant make headway, any nudges ? please!

PM me :slight_smile:

Type your comment> @nyb1e said:

Type your comment> @pentester94 said:

Hi i managed to crack the password which is Ne for dd, but i try to ssh in, password is wrong and I tried to enter the 10.10.10.165/~/d***d , got nothing , how do I get to user i am low privilegde , any nudge?

You have an error in your URL-Syntax. You are on the right path. There is an additional paremeter set that might be of interest to you.

Hi my typo but the website state private space

Type your comment> @pentester94 said:

Type your comment> @nyb1e said:

Type your comment> @pentester94 said:

Hi i managed to crack the password which is Ne for dd, but i try to ssh in, password is wrong and I tried to enter the 10.10.10.165/~/d***d , got nothing , how do I get to user i am low privilegde , any nudge?

You have an error in your URL-Syntax. You are on the right path. There is an additional paremeter set that might be of interest to you.

Hi my typo but the website state private space

Exactly. So the ~d***d directory is supposed to be private. How come you can see the content though?

I got root, but I’m a little confused on how it works. Why does j********l run with -n5 but ask for password without? And what are the hints about “staying home”, less, and “in front of your face”, also what’s the resize thing about? I figured out root but none of those hints made sense before or after doing so lol was there a different way?

Type your comment> @ShadowSuave said:

I got root, but I’m a little confused on how it works. Why does j********l run with -n5 but ask for password without? And what are the hints about “staying home”, less, and “in front of your face”, also what’s the resize thing about? I figured out root but none of those hints made sense before or after doing so lol was there a different way?

I am still as confused as you are :smile:

  • staying home is a good thing to do when you have nothing else to do
  • if you have less to do, then you might as well get the ■■■■ out
  • in front of your face is probably just another phrasing for staying home.

As for the parameters, i assume it has something to do with interupting the service call with false syntax. However, that is just a guess as i am fairly new to this as well :slight_smile:

I am curious how you rooted the machine! Wanna PM me?

Edit/Add: If anybody here certainly knows how the exploit works. please PM me!

Best Regards
nyb1e

well well well… sometimes overthinking things seriously complicates the whole process!

root@traverxec:/home# id
uid=0(root) gid=0(root) groups=0(root)
root@traverxec:/home# whoami
root

Wanted to comment on this box, as I do with all of them but never actually get around to it. Decently engaging box, but comments on these forums are always so ambiguous and end up sending you down different rabbit holes so here are my tips:

foothold: the name of the box and an nmap should be enough to figure it out. Look at the names of the services

user: This was kind of a pain. So you do manual enumeration of the typical stuff and you are supposed to be able to infer that you have access to a path that is not explicitly given to you. Once you get there you find something that you should know what to do with.

root: all the tips about screen size are literally irrelevant, as are the references to less. Just recreate what the file is doing. You don’t need to run the script. I spent too much time screwing around with stty and TERM and literally resizing my terminal window only to determine that none of it mattered, just do the thing you need to do and GTFO.

edit: after doing some testing only window width is relevant for reasons that I don’t care to explore, and if you are doing it right you should be able to figure out why.

@ShadowSuave said:

I got root, but I’m a little confused on how it works. Why does j********l run with -n5 but ask for password without?

Probably because the syntax in the file which manages this is quite specific.

And what are the hints about “staying home”, less, and “in front of your face”, also what’s the resize thing about? I figured out root but none of those hints made sense before or after doing so lol was there a different way?

A lot of it may relate to the privesc technique. The most common one from the bins needs it to do to something specific which I think people are trying to allude to here.

rooted. pm me if u need help.

Rooted!! i really didnt think i would root this one, many times i gave up on it and had to come back to it, cuz of the frustration of root, but eventually with a little help from my mentor i was finally able to figure it out, im not exactly sure why it works, i have an idea…anyhow theres not much i can say that hasnt allready been said in spades, but i will say for root, when it comes to resizing, just think of julius Irving then root will be a “slam dunk” pun intended, if this spoils i appologize…good luck all :wink:

Some people are legit still trying to DoS this server as a means of getting a foothold and it freakin’ shows.