Magic

Argg
i do not know the stuff for root, spends hours seeking all process.
But what a fun box, i learn lots of things, even for the Rabbit holes
PM for nudge are welcome

im stuck at root

found the S.Bin

string it

but its a bit confuse.

can anybody pm me ? thx

edit: rooted !
thx for the nudge @cY83rR0H1t

Given all your comments, I must be doing something really stupid or not seeing the obvious, as I am struggling to get a foothold. I have tried 'bypassing ’ using Burp Suite and use of the ‘curl’ command but without any joy. As a nube, please can someone DM me and shed some light on what I should be doing? Thanks

I think I have the way but I am missing something critical. I can reach the desired foothold page via curl and burp repeater but am unable to interact any other way. Any nudge to get me past this bump will be greatly appreciated.

Edit - Got it. Just had to ask the question.

get user.txt.

found SU*D file S*****o (may be intersting)
use pspy64,but can’t found anything.
Need some Tips,Please PM me,thanks.


get root.txt !!!hahaha

Spoiler Removed

Nice box, I was amazed on the first foothold, so simple I nearly didn’t take into consideration to try it…For the Root part I really wasted some time because I forgot to export path xD

TBH some of the tips in this forum are so cryptic it feels like trying to understand klingon.
Here’s a few of mine, maybe it helps…

Initial foothold: it’s a login form, think basics, don’t over complicate it
User: It’s pretty straight forward, it’s not the first and neither the last machine vulnerable to this… even a monkey could pentest it :slight_smile: just don’t forget to sign your magic.
Root: Honestly this is a bit harder and not all the information you find online is gonna help you that much… To begin just search for what binaries a user can execute then start digging into them and see which can be exploited and how. #suid

can some1 pm me for user please?

stuck in Root, tried LinEnum, linpeas but didn’t get anything, a hint please.

@falcon01 said:

stuck in Root, tried LinEnum, linpeas but didn’t get anything, a hint please.

Manual enumeration might be a lot more effective. I think the tools will have found what you need, but it is hard to spot in their output.

Type your comment> @Ric0 said:

Hi, is anybody there to sanitize my payload, please? Stuck for some unknown reason :wink: If so PM or discord Ric0#7152

@Ric0 Did you have any luck with your payload? I can’t get mine to upload.

wrong post

Type your comment> @TazWake said:

@falcon01 said:

stuck in Root, tried LinEnum, linpeas but didn’t get anything, a hint please.

Manual enumeration might be a lot more effective. I think the tools will have found what you need, but it is hard to spot in their output.

can you PM for a nudge please ?

Fun system User was quickly done
up to root but that have to wait till tomorrow

I agree this could have been a box in the PWK lab (OSCP). Take careful notes on this one because you will encounter the specific techniques as well as the general approach again, guaranteed. Also note the tools you used, and references.

Also, if you know how to use ssh, then getting back in and staying in is trivial after you get user. This is commonly the case on boxes I’ve seen, also in the OSCP lab.

Must machine for anyone trying to get better at Linux Priv Esc and Web exploitation. Amazing machine. PM if you need help.

I was two hours in this boxes for first user haha. First step is basic enum only! Good luck!

reverse shell not working after upload can anyone give a nudge

Finally got user

Can someone help with initial step? Don’t know how to get www-data

Rooted! Thanks for the box, learned something in the process of hacking