Admirer

Longest path to the user I’ve ever done… ?
This box requires a lot of patience; if you are not patient, leave it.
Almost all hints are given here:
User: Enum - enum - enum.
Root: a little trick and root will give you success.

This box is definitely not an easy one, I would rate it medium as others said.

@abhijasud said:

> connection refused mysql dm me need help

Make sure the bind-address is correctly configured.

What wordlist should I use? I’m using raft-large with gobuster but nothing comes close to what I expect to see from the forum.

Can I get a nudge?

Thanks

Rooted. The foothold was a lot more difficult than root.
I was stuck for what seemed like forever on the login page.

And after 16 hours I managed to get root. It was not at all easy, indeed the opposite. Thanks to @EvilT0r13, @olsv and @troet for support.

Thorough enumeration, following hunches and never giving up will make the enumeration part easy. No brute force needed. The technology exploit at the login part is so much fun since you can do it from scratch or use a ready-made one.

Root is kinda hard for me since I’m not that familiar with snake lifestyle and king options. Now I learned something new from root. Overall good box!

@Kyoureka said:

> snake lifestyle and king options.

LOL. I guess that’s a good way to describe it without giving away too much.

Rooted!

Definitely not an easy one. This should be medium.
Root was very cool!

PM if needed :slight_smile:

Is the machine slow? Because when I get into user, that’s it; after that it gets stuck.

Hey! I have the root flag but I can not get a reverse shell. Anyone can private message me for any hint. Thank you! =)

root@admirer:/tmp#  ifconfig | fgrep 10. | awk '{print $2}'&&whoami
10.10.10.187
root

Finally got the root flag. It took a few days to get the foothold and half a day to privesc to root. The foothold is really hard compared to the privesc and the user, and needs tons of enumeration. The root flag is not hard, but the box is pretty unstable and laggy, which I think is the difficulty rather than the actual privesc. However, I only got the root flag; I tried to get a reverse shell with either Python or bash, but neither of them works. The Python one shows a connection to my host, which I receive in nc, but I don’t really get a shell and it is just stuck there. I think my reverse shell is fine because I tried it with the user and it works. Does anyone have some hints to make the reverse shell work, please?

Very good machine,

So much learning even if this is marked as an easy box; the shell was an experience in root.

Foothold: You can use your common lists to enumerate the target. This part is a little messy because it has several rabbit holes, so be creative.

User: At this moment you can find a window, so google-fu; to get into it just prepare your server and run.

Root: I never thought that we could do that at that level; this requires a mod in your way.

I hope this can help and if this is a spoiler please remove, thanks.

Just r00ted. Such a great machine I have gone through.
From my side root was easy to get if you have py***n experience.
But for the user flag, u have to hit ur head. It took 3 days for me to have a user flag,
but a few minutes for the root flag.
Enumeration is the key to getting the flag.
This was surely not an easy machine, but the way they created the box is ultimate and it gives some fruitful knowledge of some unknown techniques.
The amazing thing is I didn’t know that priv esc is such a kind.
Thanks, @GibParadox, and @polarbearer for this wonderful machine.

@Kaiziron said:

> Finally got the root flag. It took a few days to get the foothold and half a day to privesc to root. The foothold is really hard compared to the privesc and the user, and needs tons of enumeration. The root flag is not hard, but the box is pretty unstable and laggy, which I think is the difficulty rather than the actual privesc. However, I only got the root flag; I tried to get a reverse shell with either Python or bash, but neither of them works. The Python one shows a connection to my host, which I receive in nc, but I don’t really get a shell and it is just stuck there. I think my reverse shell is fine because I tried it with the user and it works. Does anyone have some hints to make the reverse shell work, please?

I had the same issue and to speed things up, I simply created a new user with sudo permissions via a simple .sh script and used that user to become root.

Idk why, but cat gives no output whereas nano shows the file has content. Does anybody know why this is happening?

Well, this machine was much harder than I first thought (easy machine, huh?). I learned a few key things about the snake language and UNIX. Foothold was a pain but root was worse than that. I want to thank the author for this suffering because I still wouldn’t know these techniques if I hadn’t completed this machine. Also want to thank @Thuune for helping me out of the initial madness :slight_smile:

Looking at the comments saying “try more wordlists”, I literally dirb’d, gobuster’d, and wfuzz’d the URL with all of the wordlists (with all the extensions possible) without finding that login page… I even tried to make educated guesses. Can someone please give me a more specific suggestion on how to find this page everybody is talking about? There’s something that I don’t know for sure.

Edit: nvm I was overlooking the obvious, thanks to @EvilT0r13 for the help!

@flipflop139874 said:

> Rooted. Frustrated at first, but after all this machine deserved a much higher rating.
>
> User: Difficulty of foothold depends on if you know a specific tool related to databases. The machine name is a big hint.
> Root: Basic enum, then read the script carefully line by line.

It doesn’t really depend on knowing it or not. You can find it by looking cautiously at everything they give you after enumeration.