Pretty fun box overall, foothold was straight forward but user and root definitely took a bit longer to get. This box is good to brush up your linux enum skills for sure, I definitely needed it. Thanks @TRX for the box.
If anyone is really stuck feel free to send me a pm for a nudge.
So when looking for all the things i can find, none of the tricks from there are kicking me a stable one please HELP!! I am sure i am making it harder than i need to
ROOTED!!
I made it far more complicated than it needed to be to get root. The advice in here has been spot on for getting there though.
For root think about how commands are run.
Thanks @TRX I learnt a lot on this one, thanks to those that gave me nudges in the right direction aswell.
One big favor to all that will reach to forum, stop resetting the box. It’s not nice, it’s annoying and spoils the fun.
Some tips from my side,
User: Enumerate all, ffuf will do the work pretty fast. For the form, the first option that you will find in google.
Root: Look for what shouldn’t be there. SUID3NUM or anything else that you normally use will do the trick. From then on strings or strace will work for you.
Foothold - get logged in, then pay attention to the name of the box.
User - Pay attention to running services, and always try any found credentials everywhere you can
Root - linpeas will get you halfway, pspy will get you another quarter, and knowledge of how linux decides the order in which to run programs will bring you home.
Anybody able to get a successful ssh connection for t******? Adding my key to the authorized_hosts file doesn’t seem to work…
Worked for me without issues. I noticed though, that the authorized_keys often gets overwritten by others (instead of appended). So, maybe you run into a race-condition