Hint for Sunday

Here’s a hint for Sunday: You can take the box entirely without using exploits of any kind.

Should the one service discovered be working properly? Because to me it looks crippled… it does not respond to anything… I am talking about the one on higher port of the two. I see that box was reset 42 mins ago so it should be working?

@windsurfer check @MALVO 's comment earlier in this thread.

any hint for priv esc or troll ? thanks

Finally done it… But with VIP servers this box works horribly (at least for me). Impossible to enumerate using brute force, even with short wordlists… At the end had to switch to the free server to pwn it…

For a 20 point box, sure I’m doing it wrong or overthinking or something :confused:

not sure if I did the root exploit properly as a ton of people were messing with the machine… and I’m not sure if they’ve changed a file a little (machine was going down every 5-10 mins, and tons of system files getting wiped)

machine was quite easy, just stupidly got stuck due to lazy scanning at the start…

the constant resets don’t help, but what is supposedly an “easy” box is proving otherwise, have user access, but that’s where I’m stuck, I’m sure I’ll kick myself when and if I see it, hope is dwindling

yea, turns out someone had overwritten something they probably shouldn’t have (it worked, but decent chance of breaking the box)…
but my way was still viable for reading the root.txt anyway.

Lol, at least got privesc to read the user, now trying the root :confused:

any hint for priv esc guys? thanks

@rek2 said:
I went straight to Spoiler Removed - Arrexel and then got the flag 10m after very easy. if anyone needs help msg me in private

rek2 was an enormous help for me. If I was to give a tip, enumerate carefully and then try to think about the things you already can do. It is really hard to give good tips without giving too much away.

The box is hard for enumerating because there are too many reset requests. I think some dudes press request button because the box is restarting. Others reset because of priv-esc-that-you-already-known.

hello, can I get some tips? I get Authentication error for rpcinfo, and msfconsole error → Exploit failed

@valentinelocke said:

@jameel said:
any hints, there’s only two ports open, also got the users but there’s no entry point

I’d re-run your nmap scan and make sure you’re scanning the entire port range.

Thanks rooted it :slight_smile:

some tips for login

@dshulman said:
some tips for login

as valentinelocke said, make sure to run a full nmap scan, if you know the users and a valid entry point, then you need to make some educated guesses to gain a shell

@Aabkar said:
any hint for priv esc guys? thanks

Find out what commands you can run… then think about how you can use it to either get a shell escalation or skip the shell escalation entirely

@0d1n said:
any wordlist for root hash? rockyou doesn’t seem to work, which 95 percent of the time it does

There’s a known password cracker for that. Takes a while - 15min? But not for root user since that file only has the other users’ passwords.

@alquimista said:
@0d1n said:
any wordlist for root hash? rockyou doesn’t seem to work, which 95 percent of the time it does

There’s a known password cracker for that. Takes a while - 15min? But not for root user since that file only has the other users’ passwords.

You can use that password for root as well by manipulating a file :slight_smile: