Book

Hey guys, I’ve been stuck at root for several days and would appreciate a hint. I know what exploit to use but I just can’t figure out how to meet the second precondition in a useful way. There are obviously quite a few paths I can place l** files in but what’s the point if l**r**** files don’t point to any of these paths? I can trigger the exploit myself and specify the path, but again: this doesn’t help me to get root because my user doesn’t have the required permissions. I’d be happy about a nudge in the right direction.

@bigFish43 said:

Hey guys, I’ve been stuck at root for several days and would appreciate a hint. I know what exploit to use but I just can’t figure out how to meet the second precondition in a useful way. There are obviously quite a few paths I can place l** files in but what’s the point if l**r**** files don’t point to any of these paths? I can trigger the exploit myself and specify the path, but again: this doesn’t help me to get root because my user doesn’t have the required permissions. I’d be happy about a nudge in the right direction.

The exploit page says the log files need to be under the control of the attacker.

There are some logfiles which meet that requirement if you’ve enumerated.

Point it at them, trigger it and see what happens.

One issue might be using a broken payload?

@dojoku said:

Why does my reverse shell always get this error

Connection received on 10.10.10.176 35352
root@book:~# Hangup

I used python reverse

Never mind, I got it

root@book:~# whoami
root
root@book:~# cat root.txt
root@book:~#  :)

Big thanks to @TazWake, @EvilT0r13 and @hasky

Just go to the trunk, get admin, download some files, and then profit from the logs…
Great challenge from @MrR3boot…lots of new things to learn!

Thank you for this! It turned out I was missing a single “-” character in the header!

@HomeSen said:
Make sure you copy&pasted everything. All but the last line must perfectly align when using a monospaced font :wink:

Rooted. Foothold was a bit tricky.

Thanks to the creator

Feel free to PM if you need help

Hi…Can anyone give me some hints on the initial foothold…bit stuck there. Seems like S*Li, but can’t use it to get initial foothold.

@rootsh3llz said:

Hi…Can anyone give me some hints on the initial foothold…bit stuck there. Seems like S*Li, but can’t use it to get initial foothold.

It isn’t that. Think about a way you can truncate that technology then google the terms.

Rooted at last.
I used various tips from the forum.
What cost me the most was the first part of the user (until I saw the detail).
Root: with enumeration

Still struggling a lot with the initial foothold. I found another login page and I’ve been looking at the http requests going back and forth but nothing really stands out yet.
If someone can PM me a nudge I’d appreciate it.

Finally rooted! Thanks to @TazWake, @Watskip, and @FDS for helping me out.

My only hint for root: for the very last step, you’ll have to make an educated guess about how things are configured in order to trigger the exploit. If you don’t know what I’m talking about, read the lr*** man pages and think about what setting could affect the behaviour you expect to see.

I am running the exploit for root, but l*gr***** doesn’t happen and it’s not been triggered…what am I missing?

Finally Rooted…it was a cat and mouse game to get root…!! Many thanks to @TazWake and @FDS

I just got user, but holy cow - this box made me work for it. A lot of learning and reading.

EDIT: Just got root. Amazing box!

I can’t trigger my payload, what am I missing?

Can I get a nudge for user? I’m stumped. I’ve created a user and noticed that there is an admin login page, but I’m stuck.

Man, I’m always bad at X** exploitation.

I really need help and some nudges for X** things.

@qwas2zx9 said:

I can’t trigger my payload, what am I missing?

The way to trigger your payload?

Are you editing the target file while the exploit is running? If not, it probably won’t trigger.

If your payload is something which won’t run on the system, then you might be triggering it without knowing.

@TsMade said:

Can I get a nudge for user? I’m stumped. I’ve created a user and noticed that there is an admin login page, but I’m stuck.

Those two things are helpful. You can create one that can access the other.