Rooted this a while ago, finished writing the report for it.
My hints for all:
User: Google, use what’s in front of you. Then, RTFM. Can’t stress this enough, it will be confusing but eventually you’ll get it.
Root: Standard stuff, everything is in your room. Read it, search it, understand it. Take it over.
Feel free to message me if you want any hints or nudges!
rooted, root was much easier than user albeit rather strange.
User Hint : Look for app specific exploits to get a foothold. Once you have a limited shell, look at the application config files to see where sensitive info may be hidden. Focus on alternatives to passwords.
Root Hint : Look at the files within the homedir of the user and look at the context under which the commands are being run. Play about with it and terminal size matters.
Thanks to the creator of the box as had alot of fun with this one.
Fun one. In retrospect user was more of a pain than root. Root is right there and you know it’s right there, just getting it to work right is a bit of a pain. User I’d be lost without the forums.
Finally ROOTED !
It’s my second box and that wasn’t easy for me, but I’m getting used to it
foothold: do your recon and search for CVEs and exploit it
user: read the conf and the manual carefully you should figure out something to get access to user’s dir, If you got it and still stuck maybe you can read the CVE source code too, it helped me to identify what I missed
root: GTFO bin and resizing are the key
hope that’s not spoiling, actually most of it are what I got from this discussion
feel free to PM if you got stuck
This is my first box . I got stuck with user. I got the password by cracking the hash i got from h*****d. I am confused where to use it and to proceed further
rooted.
if you are having trouble with root - remember to first resize, only then call the relevant portion of the command from that .sh script to force that j*****l to start with LESS (super hint - no need for pipes), only then GTFO… I’ve wasted 1 hour just to understand it but now it’s all clear…
feel free to pm if needed
All hints are already given. Just a request, please do not add custom scripts on /home directories. Use /tmp/ or /dev/shm/ directories and change existing scripts or files.
Enumerate everything that is in front of you.
This is my first box . I got stuck with user. I got the password by cracking the hash i got from h*****d. I am confused where to use it and to proceed further
That file has a specific use - google it and it will tell you where you need to use it.
If you are running a shell in the account of a webserver, look at the places the webserver can access. This will give you the folders you need to look at.