Longest path to the user I’ve ever done… ?
This box requires a lot of patience; if you are not patient, leave it.
Almost all hints are given here:
User: Enum - enum - enum,
Root: a little trick and root will give you success.
This box is definitely not an easy one, I would rate it medium as others said.
Thorough enumeration, a good hunch and never giving up will make the enumeration part easy. No brute force needed. The technology exploit at the login part is so much fun since you can do it from scratch or use a ready-made one.
Root is kinda hard for me since I’m not that familiar with snake lifestyle and king options. Now I learned something new from root. Overall good box!
Finally got the root flag. I spent a few days getting the foothold and half a day on privesc to root; the foothold is really hard compared to the privesc and the user, and needs tons of enumeration. The root flag is not hard, but the box is pretty unstable and laggy, which I think is the difficulty rather than the actual privesc. However, I only got the root flag: I tried to get a reverse shell with either python or bash, but neither of them works. The python one shows a connection to my host, which I receive in nc, but I don't really get a shell and it just hangs there. I think my reverse shell is fine because I tried it with the user and it works. Does anyone have some hints to make the reverse shell work, please?
Just r00ted. Such a great machine I have gone through.
From my side root was easy to get if you have py***n experience.
But for the user flag, you have to hit your head. It took me 3 days to get the user flag,
but only a few minutes for the root flag.
Enumeration is the key to get the flag.
This was surely not an easy machine, but the way they created the box is ultimate and it gives some fruitful knowledge of some unknown techniques.
The amazing thing is I didn’t know that there was such a kind of priv esc.
Thanks, @GibParadox, and @polarbearer for this wonderful machine.
Finally got the root flag. I spent a few days getting the foothold and half a day on privesc to root; the foothold is really hard compared to the privesc and the user, and needs tons of enumeration. The root flag is not hard, but the box is pretty unstable and laggy, which I think is the difficulty rather than the actual privesc. However, I only got the root flag: I tried to get a reverse shell with either python or bash, but neither of them works. The python one shows a connection to my host, which I receive in nc, but I don't really get a shell and it just hangs there. I think my reverse shell is fine because I tried it with the user and it works. Does anyone have some hints to make the reverse shell work, please?
I had the same issue and to speed things up, I simply created a new user with sudo permissions via a simple .sh script and used that user to become root.
Well, this machine was much harder than I first thought (easy machine, huh?). I learned a few key things about the snake language and UNIX. Foothold was a pain but root was worse than that. I want to thank the author for this suffering because I still wouldn’t know these techniques if I hadn’t completed this machine. Also want to thank @Thuune for helping me out of the initial madness.
Looking at the comments saying “try more wordlists”, I literally dirb’d, gobuster’d, and wfuzz’d the url with all of the wordlists (with all the extensions possible) without finding that login page… I even tried to make educated guesses. Can someone please give me a more specific suggestion on how to find this page everybody is talking about? There’s something that I don’t know for sure.
Edit: nvm I was overlooking the obvious, thanks to @EvilT0r13 for the help!
Rooted. Frustrated at first, but after all, this machine deserved to be rated much higher.
User: Difficulty of foothold depends on if you know a specific tool related to databases. The machine name is a big hint.
Root: Basic enum, then read the script carefully line by line.
It doesn’t really depend on knowing it or not. You can find it by looking cautiously at everything they give you after enumeration.