ROOTED!!
I made it far more complicated than it needed to be to get root. The advice in here has been spot on for getting there though.
For root think about how commands are run.
Thanks @TRX I learnt a lot on this one, thanks to those that gave me nudges in the right direction as well.
Comments
I got wwwdata, I got some my*** credentials but I don't know what to do with them
Ok, I took some notes now so I'm gonna also give some tips in here:
foothold: It's very easy. After that think of the machine's name.
user: There are many different programs installed which you can use with your information to get user.
root: Look if there is something unusual. Spy to find out what it does or look at its text to look how it does things.
I'm on the verge of breaking my computer, I'm stuck.
Stuck on image upload, all I'm getting is "What are you trying to do there?" fucking bs
I just gotta calm down and enumerate.
@BE4VER said:
No enumeration needed to upload shell. Focus on the headers
@ciberpapi said:
Check for alternatives no need to login to u can get whatever u want
Stuck on shell upload! Pls PM for hints!
Very nice and easy box, root got me digging some rabbit holes. It was good learning experience. The hints here are sufficient, but still happy to help if anyone needs a nudge.
and... I also need a push with the upload
Tried different applications and methods but my cmds are not executed
CySA+ | CEH | MCP | MCSA
Just got shell, the best advice I can give you is YouTube lol
@ciberpapi said:
Sounds like magic is the part you forgot to add
Great Box
Oh dude who posted that QR. I thought it was related..... Man that calculation
Rooted! Totally overcomplicated root.
Take the time to watch what is happening. Basic attention to detail.
A very nice box, I really enjoyed it
Thank you @ByteM3 for the awesome box.
Hints:
foothold:
if you found the form, then try to find a way to trick it.
user:
you need a stable shell.
root:
Enumerate, when you find it then look into the binary.
I hope this helps
@xAbdulRhman said:
ahaha thanks for the credit but 100% wasn't me. I just started the thread!
@ByteM3 said:
Oops sorry
Thank you @TRX
@0x41 said:
Thanks for the reply, but I already did the magic, thank you anyways, now I'm stuck at wwwdata :c
Pretty fun box overall, foothold was straightforward but user and root definitely took a bit longer to get. This box is good to brush up your Linux enum skills for sure, I definitely needed it. Thanks @TRX for the box.
If anyone is really stuck feel free to send me a PM for a nudge.
So when looking for all the things I can find, none of the tricks from there are kicking me a stable one please HELP!! I am sure I am making it harder than I need to
@s1lv3rst4r said:
Haha I did the same lol. It was only after the box reset I realised someone uploaded the QR image.
DM for hints, if you do I need more info than 'help with...' what commands etc have you tried?
Stuck on the file upload. I've played with the headers but still getting the message What are you trying to do there?
Can I have a nudge please.
Edit: I got the file upload but need to find it. Magic.
Edit 2: Thanks to @Cedgar for the nudge, I got the reverse shell.
Might need a nudge on root. Been stuck enum for a while.
Update. Got root.
@CyberFunk said:
HHHH sorry it was me .. just a QR photo from another challenge
I wouldn't mind some +respect if I helped you ;)
Great box.
Was stuck with privesc but finally rooted.
User: try different payloads.
Root: you need to find a special tool..
Feel free to msg me for hints.
Easy and fun.
One big favor to all that will reach to forum, stop resetting the box. It's not nice, it's annoying and spoils the fun.
Some tips from my side,
User: Enumerate all, ffuf will do the work pretty fast. For the form, the first option that you will find in Google.
Root: Look for what shouldn't be there. SUID3NUM or anything else that you normally use will do the trick. From then on strings or strace will work for you.
Rooted:
Foothold - get logged in, then pay attention to the name of the box.
User - Pay attention to running services, and always try any found credentials everywhere you can.
Root - linpeas will get you halfway, pspy will get you another quarter, and knowledge of how Linux decides the order in which to run programs will bring you home.
Happy to help anyone who needs a nudge.
@s1lv3rst4r said:
EU VIP 14? I did question the math as well!
To contact me, please use Discord
Myrtle#5162