Magic

Type your comment> @flymomike said:

@flymomike said:
Got both the user and root flags but getting Error when I try and enter each one which is annoying after burning the midnight oil to get this box finished. I know I am not the first person to suffer this problem, I am on VIP so does that make any difference?

NVM accepted both flags when I tried a different way to enter them

Just out of curiousity, would somebody mind giving me a nudge how you would get round the login page at the start without using some of the more common OWASP top 10 gotcha’s, which I obviously used.

huh, the first part was hard, but also it was a great machine, I learned a few things, also thanks for the great hint @choupit0 and thanks @TRX for this box. :slight_smile:

Thanks @TRX for the exciting box. Definitely made me feel dumb at some points, but in the end it was a lot of fun.

Thanks to @helichopper @akshanshshri for the hints

PM me if you need a hint!

Hi All,

Could somebody please give me some help in getting the user account. I’ve been stuck in the w******a shell for days, I think I see how to get from the user to root but for the life of me I can’t see how we’re supposed to get to the user :frowning:

Thank you.

Type your comment> @lightfu said:

Hi All,

Could somebody please give me some help in getting the user account. I’ve been stuck in the w******a shell for days, I think I see how to get from the user to root but for the life of me I can’t see how we’re supposed to get to the user :frowning:

Thank you.

I’ve sent you a message with some tips :slight_smile:

Type your comment> @sqw3Egl said:

Type your comment> @lightfu said:

(Quote)
I’ve sent you a message with some tips :slight_smile:

Thank you, and @Gfowler, so much!! Got the user now, onto root…

Argg
i do not know the stuff for root, spends hours seeking all process.
But what a fun box, i learn lots of things, even for the Rabbit holes
PM for nudge are welcome

im stuck at root

found the S.Bin

string it

but its a bit confuse.

can anybody pm me ? thx

edit: rooted !
thx for the nudge @cY83rR0H1t

Given all your comments, I must be doing something really stupid or not seeing the obvious, as I am struggling to get a foothold. I have tried 'bypassing ’ using Burp Suite and use of the ‘curl’ command but without any joy. As a nube, please can someone DM me and shed some light on what I should be doing? Thanks

I think I have the way but I am missing something critical. I can reach the desired foothold page via curl and burp repeater but am unable to interact any other way. Any nudge to get me past this bump will be greatly appreciated.

Edit - Got it. Just had to ask the question.

get user.txt.

found SU*D file S*****o (may be intersting)
use pspy64,but can’t found anything.
Need some Tips,Please PM me,thanks.


get root.txt !!!hahaha

Spoiler Removed

Nice box, I was amazed on the first foothold, so simple I nearly didn’t take into consideration to try it…For the Root part I really wasted some time because I forgot to export path xD

TBH some of the tips in this forum are so cryptic it feels like trying to understand klingon.
Here’s a few of mine, maybe it helps…

Initial foothold: it’s a login form, think basics, don’t over complicate it
User: It’s pretty straight forward, it’s not the first and neither the last machine vulnerable to this… even a monkey could pentest it :slight_smile: just don’t forget to sign your magic.
Root: Honestly this is a bit harder and not all the information you find online is gonna help you that much… To begin just search for what binaries a user can execute then start digging into them and see which can be exploited and how. #suid

can some1 pm me for user please?

stuck in Root, tried LinEnum, linpeas but didn’t get anything, a hint please.

@falcon01 said:

stuck in Root, tried LinEnum, linpeas but didn’t get anything, a hint please.

Manual enumeration might be a lot more effective. I think the tools will have found what you need, but it is hard to spot in their output.

Type your comment> @Ric0 said:

Hi, is anybody there to sanitize my payload, please? Stuck for some unknown reason :wink: If so PM or discord Ric0#7152

@Ric0 Did you have any luck with your payload? I can’t get mine to upload.

wrong post

Type your comment> @TazWake said:

@falcon01 said:

stuck in Root, tried LinEnum, linpeas but didn’t get anything, a hint please.

Manual enumeration might be a lot more effective. I think the tools will have found what you need, but it is hard to spot in their output.

can you PM for a nudge please ?

Fun system User was quickly done
up to root but that have to wait till tomorrow