Rooted. Thanks for the box @polarbearer and @GibParadox. This was a good reminder to pay close attention to all the information and don’t assume anything.
Learnt some new stuff along the way and thanks to those that provided me with nudges, respect given. If anyone wants a nudge, tell me what you have tried and happy to help.
root@admirer:~# whoami && id && hostname -a
whoami && id && hostname -a
root
uid=0(root) gid=0(root) groups=0(root)
Got root and understood how exploit r****my*******. works.
Thanks to @bertalting and @knuijsting for not letting me drown in the sea of rabbit holes.
Guys, I tried dirbuster on wordlist big.txt and common.txt on / and /a****-**r, but all files enumerated have response code 403. Can someone nudge me a hint?
Getting to user seemed ok but I got stuck now with root. I think I followed too many rabbit holes and ended up now with what I think is the right place to follow up on, but I can’t figure out how to go about it. I’m looking into a****_t****.** and b*****.**. Maybe someone could help me out here. thx
Rooted! Foothold was a tangled web, but ultimately gave me a few more wordlists to add to my checklist. @beorn was helpful here. What is missing but should be present is just as important as what you find.
User was me being an idiot. @Solarstorm gave me a helpful hint which I will condense to this: Think about WHEN what you found before was generated.
And root was fun. Much easier for me with snake-training experience. Walk along the way carefully.
Pretty neat box indeed. I also don’t get the hate. Along the way you may get frustrated but cooling off, trying smarter, googling, testing before shooting etc will get you through it.
There’s also no need to leave trails and spoilers on this box, if you save and name your files some type of way they’ll be deleted anyway in a few mins.
I got rev shell for root on first attempt so I don’t know how people have an issue with that.
Everything you need is already available.
Enjoy the box!
Just nabbed user…jeez…was it “easy” sure after you put the pieces of the puzzle together. Each step closer kind of glues another piece in. But man without a couple of hints, I would have been more lost. However I must say, that it does get you thinking a bit more on basic enumeration. Don’t be afraid to try another tool if your favorites aren’t working. I admit I get stuck on dirbuster, dirb, and completely forgot about wfuzz which got me what I needed. If I wasn’t so set in my ways, I may have had a much easier time. Thanks to the creators of the box @polarbearer and @GibParadox for “slapping my wrists” a bit to break out of the same old, same old. Is it frustrating? Sure…but maybe I’ll remember wfuzz next time I can’t find what I’m looking for with my go-to tools…
Everyone is saying that root is cake, I see some files I can sudo, but no idea what to do with them…can someone PM me with a nudge…I feel like this should be obvious but I’m just missing it.