Traceback

Rooted. It was not really difficult but I learnt few things during the process.

Initial foothold: standard dictionaries will not work, visit that web shells website and try.

User: check permissions you have and google that program.

Root: use an automatic privesc tool to find that process or monitor processes. Then google it and modify a file with your payload. Then when you log in, your payload will be executed.

You can PM me for nudges.

Type your comment> @captain said:

Can anyone give me a clue on these processes?

Edit: So I got the root flag but I’m not sure if this was the correct way to do this…no root shell, just read the flag…

You can also get a reverse shell if you want.

Got user and root flag. The nudges and hints in the forum should get you there, but pm if I can help.

Rooted. I was making things way harder for myself by not paying attention to my commands as well as the responses the machine was telling me.

Thanks to @TazWake and @Gverre for standing in as my rubber duckies.

Hi guys, i was wondering… I got the user and the root. But the Flag (submit flag) is wrong. I thought I had to paste the hash from the root as flag? Or am I missing something?

@eMVee said:

Hi guys, i was wondering… I got the user and the root. But the Flag (submit flag) is wrong. I thought I had to paste the hash from the root as flag? Or am I missing something?

Cross-quoting @TazWake from another thread:

@Hashut said:

Is this a problem with the flag submitting system?

I think Multimaster uses a dynamic flag - and it was one of the first to do so. The main advice here is to submit as soon as you root and if that doesn’t work, reset the box, wait a bit and see if there is a new flag you can use.

If you are having problems, it’s definitely worth raising a Jira ticket Jira Service Management

I think the biggest issue is on boxes where you have to do several steps to get root - resetting and retrying may well become tedious. However, on this box it should be ok as you can log in & exploit fairly quickly.

AFAIK, all machines use dynamic flags, by now.

Type your comment> @HomeSen said:

@eMVee said:

Hi guys, i was wondering… I got the user and the root. But the Flag (submit flag) is wrong. I thought I had to paste the hash from the root as flag? Or am I missing something?

Cross-quoting @TazWake from another thread:

@Hashut said:

Is this a problem with the flag submitting system?

I think Multimaster uses a dynamic flag - and it was one of the first to do so. The main advice here is to submit as soon as you root and if that doesn’t work, reset the box, wait a bit and see if there is a new flag you can use.

If you are having problems, it’s definitely worth raising a Jira ticket Jira Service Management

I think the biggest issue is on boxes where you have to do several steps to get root - resetting and retrying may well become tedious. However, on this box it should be ok as you can log in & exploit fairly quickly.

AFAIK, all machines use dynamic flags, by now.

Okay, the root is still the flag to submit to own the system? If so I can do it again…
So the machine was rebooted a few seconds after I had the flag… ?

Yes, you need to submit the content of the root.txt (or user.txt, depending on where you are).
Try resetting the machine, and wait a few minutes before retrieving the (hopefully new) root.txt file.

Rooted :blush:

Nice box!

The root thing… is simply smart… I love this machine… really learn something out of it.

Owned user. Any hint for root?

.

hi, i just got reverse shell and started digging around the filesystem and found 3 files in the obvious directory almost saying they are hints. And other files (igor) with the same file extension.

I used the internetz and it says i need python to run them? but no python still in my terminal. Am i going to the right direction? ive spent some time in the same spot ;_;

thx c;

Finally got root. Finding the webshell took me so long because I got confused by reverse shells uploaded by someone. The webshell has everything you need for the initial foothold.

Rooted! Besides the initial part of the foothold, I loved this box. It was funny.

Wtf! Why are reseting ever 10 minutes???

Can i PM someone to get user hint?

Got user finally

I am a nube and I was hoping that someone could help me with privesc to root. I have successfully accessed the box and managed to get user flag, hopefully by the desired method. I have appended a line to the ‘0xxxxxxxr’ file + some additional steps to get a reverse shell. I have a connection but I am seeing no shell. Thanks

Rooted
Thx @sulcud your tip did it

Got the root flag but still stuck on getting a reverse shell - please DM me with some nudges as it is driving me mad!!!

I stucked on user dm for help pls.