Great box @thek !! Very hard root for me!
Rooted
PM for help
Hi, I pulled b***-i****, used top/top creds and enum. no idea. found not too much except ~/.s** folder with config and keys. Tried playing with s** -i login but nope, nothing has worked
Can anyone put me on the right track, please? I have been hitting the wall for a few days.
Help will be greatly respected and appreciated.
Super fun and challenging box with a variety of exercises, much appreciation @thek! Did anyone succeed in getting a root shell? Or getting root flag in a serverless manner?
My advice:
Gaining a foothold: Look around until you find a weird response, encoded inside it there is a hint pointing to a useful sub. Learn about that technology and think about the box name to figure out how to use the sub – think lazy for auth (thanks @reverse1!!). Sniff around in your new environment until you’ve found a useful config, it’s a little dusty but probably still works just fine.
U1 → U2: Try to establish a strong web presence with info you extract using U1 powers.
U1 → root: Think about a super awesome Linux privesc technique and find out what you can do. Looks like you can trick Midas into moving his gold to a location of your choice, which seems fantastic until you realise you don’t have the ability to see them! Just when you’re nearing tears because you can’t see the results of your effort, remind yourself you’re still a 1337 hax0r, and probably just need a nap. After you curl up and get some rest, (with complete disregard for your safety given your position in the enemy’s lair), you’ll find the answers come to you in a restful dream – seems like restrictions don’t transfer into the sleep realm.
Happy to help if anyone needs a nudge on this amazing box!
I’ve been spending hours now, escalated to user2, but stuck on root… Don’t know where to ‘rest’ my hands… Any nudges will be grateful!
Edit: Rooted. I didn’t consider the traditional methods of FT.
Hi folks,
Anyone have a nudge about user2? I’m logged on the c*s, got the webshell but cannot have a bind or reverse shell with the cat. Any nudges would be really welcomed
Thanks a lot.
Rooted! Great box, although root gave me some pain. Many times I got stuck at little things, but learned a lot!
Can someone please help me with box? I’m trying to get the server binary to b*** user machine but seems like the file is too big or something to be transferred?
root@bolt:~# whoami
root
root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)
Finally, after banging my head for so long! One of the best boxes that I’ve done so far!
Hints: Enumerate, read the docs!
PM for nudges!
Rooted.
It was enjoyable after getting the initial foothold, but boy did I get frustrated with that. Deep down a rabbit hole trying to understand d****r client certificates for hours!
Thanks @Propolis for the encouragement.
I got an error on getting root
repo problem about r****c
can anyone help me on root part?
Finally rooted this machine! PM if you need nudges
First hard box! It was quite an interesting 2-3 day trip.
Foothold: Once you get to d*****.*****./v* think super lazy. I wasted more time than I’d like to admit on that part, and I have no excuse.
Foothold → U1: Think about the box name/subdomain and read the docs.
U1 → U2: Find a piece of data.
U2 → Root: Enumerate a little and read a lot! Once you figure out how to use this technology, figure out a better way around the network limitations with the access you do have.
I can bypass and get a shell uploaded but when I try to execute it, it just downloads the file :S
Hi,
could someone give me a push to user2? I found login page and got adm hash from b***.b but can’t get pass**d for access…
Thanks
update: nevermind got it
Hey! Can anyone help me on getting the webshell for user 2? I’ve already gotten a login for the service, but can’t upload anything useful…
Thank you!
@dvargasj said:
> Hey! Can anyone help me on getting the webshell for user 2? I’ve already gotten a login for the service, but can’t upload anything useful…
> Thank you!
you can upload whatever you want, just tell it to…
So is the w**-**** user the user2 or user1? Normally this would be an initial foothold rather than a path to root, but I got user.txt without compromising that one.
Also getting 404s every time I try to rename… something… to get w**-**** user, am I on the right track here?
EDIT: I also tried to rename something very benign to something else very benign, no funny business, and still got the 404s.
that would be user 2.
> @OrangeHat said:
> So is the w**-**** user the user2 or user1? Normally this would be an initial foothold rather than a path to root, but I got user.txt without compromising that one.
A bit of back and forth with this one, but path to root involves these users: b* → a* → w* → root
> Also getting 404s every time I try to rename… something… to get w**-**** user, am I on the right track here?
> EDIT: I also tried to rename something very benign to something else very benign, no funny business, and still got the 404s.
You are but no need to rename anything