Magic

Can someone help with initial step? Don’t know how to get www-data

Rooted! Thanks for the box, learned something in the process of hacking

Type your comment> @mrshershulya said:

Can someone help with initial step? Don’t know how to get www-data

dm

Stuck on root. found s******, looked at what it’s doing, failed to exploit. I’ve done something similar in the past, but none of the tricks i learned or searched are working. Could use a nudge. Thanks

I was able to read the root flag with cat in my impostor file, but trying to set up /bin/bash would result in a root shell echoing back my commands to me:

root@ubuntu:/root# whoami
whoami

Anyone could explain?

hey, i need some help, i have the second password for the user but i’m not able to authenticate as the user (su or ssh), should i be able to?

Type your comment> @ines said:

hey, i need some help, i have the second password for the user but i’m not able to authenticate as the user (su or ssh), should i be able to?

su will work after upgrading your shell.

Anyone for a nudge?

Spoiler Removed

@mrshershulya said:

su doesn’t work, how to get user?

Do you have a proper shell? When you say “su doesn’t work” - do you mean it rejects the password or generates an error message?

@TazWake, I spawned shell, It writes “su: Authentication failure”

@mrshershulya said:

@TazWake, I spawned shell, It writes “su: Authentication failure”

Ok, you might have the wrong password for the user you are trying. If you need/want more detail you will need to DM.

Gosh… Is there anyone I can get help with f****? I keep running an error on the p****** that is running on f**** this is for root

■■■■… Finally rooted this box heck I am breaking out in sweat for the root.

Nice box. This would be a good OSCP prep box. I think there are a couple slightly different ways to get the initial foothold.

Could someone PM me for user account? I’ve found m**** creds and been stuck on w********* shell…

I’m at the end here… struggling to use the inspection tool against the interesting binary… a nudge in the right direction would be really appreciated

Edit: Rooted. Clearly was overthinking it. Thanks @TazWake and @N0tAC0p for the nudges!

Looking for help on the basics sadly, i am having a hard time bypassing this login page. Any nudges would be great. I would like to be better at burp suite and sql injection. Help, resources, and advice would be great for me to learn. I have googled quite a bit already and tried many things. Help on bypass please!

@JitB said:

Looking for help on the basics sadly, i am having a hard time bypassing this login page. Any nudges would be great. I would like to be better at burp suite and sql injection. Help, resources, and advice would be great for me to learn. I have googled quite a bit already and tried many things. Help on bypass please!

If you google what you are trying to do there is a wealth of interesting articles which will help you.

Anything else is going to be flagged as a spoiler.

Rooted … Amazing box… DM for nudges.