Rooted! Good box, learned something when getting first shell. I’m dropping some hints:
foothold: pretty standard, almost too easy to bypass… Enter and figure out how to make your way to the system. Images can contain a lot of data… Newlines aren’t your friends.
user: enum, then enum and finally enum! Don’t surrender when you find something, just try other tools.
root: both a pre-made tool and a manual check should do the trick. Focus on what stands out as non-standard ;).
Fun box. Didn’t take too long once I got down to it. I would be curious if someone wants to PM me on upload file bypass because I don’t get why what I did worked, but it did.
Otherwise, 100% fun box. All the hints are already in the thread, but just keep it simple. I like the path to root because it shows something interesting about special files. PM me for hints if you want.
Finally Rooted.
This box is very much unique. I struggled for both User and Root but the knowledge I got was huge. Thanks to @FunkyMcBeef for helping/guiding me throughout the process of root.
Initial foothold:
1. You know how to bypass login using basic things. (really a child’s play)
2. You have to upload something to get the shell
3. Trick is not everything works. For me all the basic methods failed. But then I watched one YouTube video and learned a new method to craft payload. Cat has some powerful magic I would say.
User:
Once you get shell, you know where to look first.
Extract something but you don’t have access to the tools.
But there are other ways to do it. (really it’s in front of you)
Root:
OK this is not easy
linpeas will really give you something (please read it line by line. I didn’t and that’s why I struggled)
check what really happens in the background
exploit it
I am very much descriptive here, hope I haven’t spoiled anything.
I am stuck at root. Been looking at a script that will clean stuff up and see some interesting “Search and destroy” instructions. However I have no idea how to inject my own code in there.
Not sure if it is even the right path.
stuck with the upload form, tried different approaches (using just magic, concatenating two files) but can’t get RCE, let alone a reverse shell! a nudge would be appreciated
You can get a good example of how to bypass this by googling what you are trying to do and going to a gitbook page.
Ideally you want to be uploading an actual valid image.