Admirer

I’m a bit new and I can’t figure out the priv esc to user can someone pm me for a nudge or a hit. (the roots/users on my acc are from my friend helping me but i didn’t learn anyhting)

Thanks to the creators for the box :smile:
Educated guessing might help getting what you want, but Fuzzing will also do the trick. Try common wordlists with common extensions

This was the longest I ever took to get the user flag for a 20 point box. After all the dirbusting, getting the vulnerability to work correctly also required a fair amount of configuring and googling.

The root method is similar to that in a recent box, but with a twist - here it is related to a certain serpentine security gotcha.

Just root it. It’s totally not an easy box for me :blush:

Would appreciate a little nudge, got the r*****.t file, the user, the a**-**r, and after a truckload of fuzzing I’m still nowhere after a good few hours of busting

Edit: found the next step.

Finally rooted this machine! Took me little longer than usual but it was quite worth it I’ve learnt a few things I’ll probably never forget.
Special thanks to @polarbearer and @GibParadox for this cool machine.

Awesome machine, thanks to @polarbearer and @GibParadox for so awesome challenge. Really don’t know why a lot of people point that this one is a CTF machine, scenarios like this one happen in the real world. I think that the only problem is that the machine is not an “easy” one (or at least not for me), this focusing in the amount of enumeration needed to get the initial foothold

My hints:

User

  • Use that word without abbreviating it
  • Try to access that
  • It’s not about him, it’s about you

Root

  • Read about the powerup and the cobra features

Hope I am not spoiling the machine, if is that, remove the post

Really nice and fun box, learned a lot of new stuff!
PM me if you need a nudge.

can someone pm me with a nudge ?
i am stuck with the login page
i grabbed every file i found and tried every password but i always get “Access denied”

@SohaibSEG said:
can someone pm me with a nudge ?
i am stuck with the login page
i grabbed every file i found and tried every password but i always get “Access denied”
thanks everybody i got user
moving towards root

that’s the hardest “easy machine” after forest!!! Struggling on root…
I think it involves “W” command, but I’m not completely sure.

Anyone willing to give a nudge for the login page? Attempted bruteforcing using fuzzed info, attempting the vulnerability but getting 'Connection refused" :frowning:

Hi, I have found the h***.***.*z file but am struggling where to go from here. Can someone give me a nudge please.

Type your comment> @WireInTheGhost said:

Hi, I have found the h***.***.*z file but am struggling where to go from here. Can someone give me a nudge please.

Analyze what you have seen and start fuzzing again as this box recommends most enumeration skill.

@g1g4 said:
Anyone willing to give a nudge for the login page? Attempted bruteforcing using fuzzed info, attempting the vulnerability but getting 'Connection refused" :frowning:

Configure the environment properly.

@SohaibSEG said:

@SohaibSEG said:
can someone pm me with a nudge ?
i am stuck with the login page
i grabbed every file i found and tried every password but i always get “Access denied”
thanks everybody i got user
moving towards root

rooted with help of stackoverflow XD

Finally managed root on this thanks for the nudges @vicio and @LateComerz. Sometimes these easy boxes are not so easy, but it’s not that they are technically complicated, it’s just that I don’t know the tricks, yet. But that’s why we are hear right to learn? So if a similar box rolls around, I’ll have a few more tricks in my arsenal. I liked this box.

Can someone PM me some nudges on root? I’ve found the thing you get from basic enum once you’re on the box, but I’m not well-versed enough in snake language to understand how to go from there to root.

EDIT: Rooted. Figured it out on my own after looking up how things work wrt the intended attack vector. Very fun box, great for OSCP practice. I’d consider it more of a Medium box than easy.

First part of this box is absolutely terrible, lots of enumeration. Root part is cool.

Can someone explain me how to choose a wordlist over another? When should I choose this wordlist over another one.