Book

Spoiler Removed

Rooted ! Challenging box. I don’t want to spoil, so this is the helpful comments in my opinion:

User part1: Last comment of @embranco on page 4.
User part2: Discussion of @lucaswebb24 and @TazWake on page 8.
User part 2.1: Comment of @syn4ps on page 5.

Root: Comment of @zaphoxx page 5.

PM for help!

Please stop DOSing the machine. It’s not gonna get you anywhere and you’re ruining the experience for everyone.

edit: Totally unusable. Other boxes work fine. Gonna do something else and hopefully the person doing this will reevaluate his actions.

afther two days rotating my head with the root process…

root@book:~# id
id
uid=0(root) gid=0(root) groups=0(root)
root@book:~#
root@book:~# cat root.txt
cat root.txt
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
root@book:~#

@sparkla said:

Happy when I found out same old exploit worked all the time, just other users got in the way…

But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.

The page width might be cutting off bits.

got user. Thanks for all the hints!

Type your comment> @sparkla said:

Type your comment> @TazWake said:

@sparkla said:

Happy when I found out same old exploit worked all the time, just other users got in the way…

But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.

The page width might be cutting off bits.

Yes I noticed that right away. That why I tried multiple tools, but linebraks and blank spaces are messed up. Which tool did you use? I tried pdf2text and Affinity Photo, Okular & Foxit PDF

you dont need any software for that… <"pre+…

Struggling with root, been looking for odd services all day, nothing is sticking out like a sore thumb

Removed

@lucaswebb24 said:

Struggling with root, been looking for odd services all day, nothing is sticking out like a sore thumb
Is there something in the home folder which you wouldn’t expect to see? is it related to a running service? If you have the ability to write to the thing in the folder and the service is running, there is an attack you can try.

can somebody plz point me to something i can read on the foothold? I dont understand the hints and can’t think of anything i can do to the login/registration =(

Thanks @MrR3boot
User was a apinful fun that took hours.
Root was straight even if diffcult to trigger on free server cause many people working at the same time

@TazWake said:

If you google for that word plus exploit github the best link is likely to be in the top 5

On point!
Really simple exploit, works like a charm!


root@book:~# sha256sum root.txt
fc8eefa1739404b6182211c83b3840349668521d7a21129b20fd56ae7652a5a7  root.txt

Type your comment> @kalitkd said:

Type your comment> @sparkla said:

Type your comment> @TazWake said:

@sparkla said:

Happy when I found out same old exploit worked all the time, just other users got in the way…

But: I got the private key, unable to get it into the right format, tried various bash tools and graphics design software to extract the text from PDF - invalid format. The key looks good otherwise, header and footer intact.

The page width might be cutting off bits.

Yes I noticed that right away. That why I tried multiple tools, but linebraks and blank spaces are messed up. Which tool did you use? I tried pdf2text and Affinity Photo, Okular & Foxit PDF

you dont need any software for that… <"pre+…

I think it would be better to change the font size

Alright, rooted! Good one. PM me for help if you get stuck.

Hi guys! I am trying to login in the admin panel, but I can’t understand what I am missing. Can you please help me, send me some message or something like that?
Thank you so much!

Type your comment> @meraxes said:

Hi guys! I am trying to login in the admin panel, but I can’t understand what I am missing. Can you please help me, send me some message or something like that?
Thank you so much!
If you don’t have default admin creds, create you own

Type your comment> @cyberafro said:

Type your comment> @meraxes said:

Hi guys! I am trying to login in the admin panel, but I can’t understand what I am missing. Can you please help me, send me some message or something like that?
Thank you so much!
If you don’t have default admin creds, create you own

Thank you, I got them. Now I’m stuck at the next point.

Stuck on admin part, I think the injection comes from the params instead of the file itself, but haven’t found a language or payload which works so far. php returns no output. Any nudge would be appreciated

Type your comment> @xNaaro said:

Stuck on admin part, I think the injection comes from the params instead of the file itself, but haven’t found a language or payload which works so far. php returns no output. Any nudge would be appreciated

Sounds like you are kinda on the right track. PM me if you need a hand.