Traverxec

This is my first box . I got stuck with user. I got the password by cracking the hash i got from h*****d. I am confused where to use it and to proceed further

I’ve found what was hidden. Asked John about what I found. Stuck…
A PM would be amazing…

rooted.
if you are having trouble with root - remember to first resize, only then call the relevant portion of the command from that .sh script to force that j*****l to start with LESS (super hint - no need for pipes), only then GTFO… I’ve wasted 1 hour just to understand it but now it’s all clear…
feel free to pm if needed

Rooted :smiley:

All hints are already given. Just a request, please do not add custom scripts on /home directories. Use /tmp/ or /dev/shm/ directories and change existing scripts or files.
Enumerate everything that is in front of you.

@leeat1rrupti0n said:

This is my first box . I got stuck with user. I got the password by cracking the hash i got from h*****d. I am confused where to use it and to proceed further

That file has a specific use - google it and it will tell you where you need to use it.

If you are running a shell in the account of a webserver, look at the places the webserver can access. This will give you the folders you need to look at.

Thanks @TazWake you the best i wouldnt have solved this without your help. i really appreciate this

I’v rooted it!
I’ve broken box and my head :slight_smile:

Okay, well I’m totally stuck.

Found the goods, RTFM, checked the file again, saw something interesting ~. Tried to access it, all I get is the lazy man.

Tried to manipulate headers to place the goods and I still can’t access what I need to. As far as I can tell I am on the right but I cant get to what I need.

Googled more… and more… I officially stumped. I usually stay away from very CTF based boxes, but now I can’t put this one down.

Can anyone give me a hint as I am almost 100% certain I am on the correct path.

@Knoss said:

Okay, well I’m totally stuck.

Found the goods, RTFM, checked the file again, saw something interesting ~. Tried to access it, all I get is the lazy man.

Tried to manipulate headers to place the goods and I still can’t access what I need to. As far as I can tell I am on the right but I cant get to what I need.

Googled more… and more… I officially stumped. I usually stay away from very CTF based boxes, but now I can’t put this one down.

Can anyone give me a hint as I am almost 100% certain I am on the correct path.

You’ve obfuscated this sufficiently that I am not sure where you are on the box.

If you are trying to get user, you might find it easier to use the public exploit to get a low priv shell and use that to enumerate what you need.

If you are trying to privesc, enumeration is your friend.

i cant crack the hash found in .h*****s . john wont even attempt to crack it.

Type your comment> @ReT said:

i cant crack the hash found in .h*****s . john wont even attempt to crack it.

Having a similar issue, it attempts to crack it but shouldnt take as long as its taking - I’m using default wordlist. Anyone have any nudges for it?

ROOTED

for user: use lin** e** or read config file. for root: read scripts file

Type your comment> @Atilla2019 said:

ROOTED

for user: use lin** e** or read config file. for root: read scripts file

roooted! thaaankss :smiley:

WTF! the box is crashing every couple of minutes! stop for fucks sake!

EDIT: Rooted! It was fun, but root kinda freaky. In summary RTFM, Google everything & GTFOBins.

I can’t seem to get a reverse shell.

I’ve cracked the creds I’ve found, but can’t seem to connect via SSH using the creds I’ve got? Any help much appreciated, cheers.

@pallasator said:

I’ve cracked the creds I’ve found, but can’t seem to connect via SSH using the creds I’ve got? Any help much appreciated, cheers.

The file you found them in has a specific purpose. Use them that way.

Remember you have an account as a webserver, so you can see anything the webserver can see.

@th48th said:

I can’t seem to get a reverse shell.

Why not? Do you need one?

Did it, rooted my first machine (of course, with the help of the lovely people here).

Would someone be able to PM me and tell me why the privilege escalation to root worked? I have an idea, but I wanted to double check with someone to see if I understand why the command worked as it did. Thank you guys, again, especially @nyckelharpa.

Type your comment> @ALK said:

For people struggling with root. remember its not always a good idea to maximize ur screen :wink:

lol, made no sense, and then it did. Thanks for the hint @ALK !