Just rooted the box.
Easy box. Thanks to @egotisticalSW for creating such a cool and nice box.
If anyone needs a hint, message me.
Box has been too unstable for the last 3 hours, I can’t have 200 successful pings in a row… On VIP… ?
64 bytes from 10.10.10.191: icmp_seq=192 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=193 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=194 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=195 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=196 ttl=63 time=150 ms
64 bytes from 10.10.10.191: icmp_seq=197 ttl=63 time=148 ms
64 bytes from 10.10.10.191: icmp_seq=198 ttl=63 time=149 ms
^C
--- 10.10.10.191 ping statistics ---
230 packets transmitted, 121 received, 47.3913% packet loss, time 231831ms
rtt min/avg/max/mdev = 147.314/149.110/191.223/4.216 ms
root@kali:~/Downloads#
Edit: Finally got it…
Hello! Can anyone private message me for a hint on how to get R***** C*** E******** without using MS**? Thank you very much! =)
EDITED: Finally got it manually. I think it will be easy when the machine is not so unstable.
PM for a nudge if needed!
rooted!
Struggled a bit with the foothold, but when I got in the machine the privesc to root was easy.
Feel free to PM if you are stuck :)
edited
Slightly deceitful “easy” box… because it has a few red herrings. Indeed, root is “easy” if you have heard of a specific kind of vulnerability, but if you haven’t…
Rooted!
Thanks @user0n3 for the nudge on foothold
Do not hesitate to PM if you need any help, happy to help
Rooted!
Foothold: Go****** is a better option here. Take a look at possible file types on the website. The next part requires the exact tool you have in mind, but you have to create your own list
User: Google search will help you here. Newer the better
Root: Go back to the basics of privesc.
PM if you need a Nudge
I think that this box has an OSCP-like feeling, with a lot of rabbit holes.
Learned a thing on the privesc part so I’m happy with this box.
Don’t hesitate to PM me for hints.
Rooted.
Definitely overthought a few things along the way, fun box.
would appreciate a nudge for user. got a shell, but i must be doing something wrong and can’t escalate to our user :T
@0x41 said:
would appreciate a nudge for user. got a shell, but i must be doing something wrong and can’t escalate to our user :T
enumerate more. a piece of information you already have has some things. are all the things completed?
pm me if you need another nudge.
I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?
@Kainn said:
I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?
I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file is not critical for this host.
@TheT3rminat0r said:
@Kainn said:
I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?
I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file is not critical for this host.
That’s what I was leaning towards. Back to fuzzing. Thank you
Rooted, went down a massive rabbit hole trying to get the user. As soon as I got user, root was seconds away.
Pfffft, not sure if I like this box or hate it. Went through all possible rabbit holes imaginable. LOL
Many thanks to the creator(s)!