Slightly deceiptful “easy” box… because it has a few red-herring. Indeed, root is “easy” if you have heard of a specific kind of vulnerability, but if you haven’t…
Rooted!
- Learn a nice new way to privesc
- Struggle for foothold like a lot of people apparently
- Rest is rather straight forward
Thanks @user0n3 for the nudge on foothold
Do not hesite to PM if you need any help, happy to help
Rooted!
Foothold: Go****** is a better option here. Take a look at possible file types on the website. The next part requires the exact tool you have in mind, but you have to create your own list
User: Google search will help you here. Newer the better
Root: Go back to the basics of privesc.
PM if you need a Nudge
I think that this box have an OSCP-like feeling, with lot of rabbits hole.
Learn a thing on the privesc part so i’m happy with this box.
Don’t hesitate to PM me for hints.
Rooted.
Definitely over thought a few things along the way, fun box.
would appreciate a nudge for user. got a shell, but i must be doing something wrong and can’t escalate to our user :T
Type your comment> @0x41 said:
would appreciate a nudge for user. got a shell, but i must be doing something wrong and can’t escalate to our user :T
enumerate more. a piece of information you already have has some things. are all the things completed?
pm me if you need another nudge.
I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?
Type your comment> @Kainn said:
I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?
I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file in not critical for this host.
Type your comment> @TheT3rminat0r said:
Type your comment> @Kainn said:
I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?
I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file in not critical for this host.
That’s what I was leaning towards. Back to fuzzing. Thank you
Rooted, went down a massive rabbit hole trying to get the user. Soon as i got user root was seconds away.
Pfffft, not sure if I like this box or hate it. Went through all possible rabbit holes imaginable. LOL
Many thanks to the creator(s)!
Fun box! Will give nudges if you pm/
Thank you for this funny box @egotisticalSW unlike others, the start was easier for me! like what…
@TazWake Sorry for the previous thread, I didn’t know that now there will be an “official” thread
And thanks to @poker1 for his help on the last part. Sometimes we look too complicated…
@choupit0 said:
@TazWake Sorry for the previous thread, I didn’t know that now there will be an “official” thread
Its ok - I don’t think anyone knew. I certainly didn’t.
Anyone able to take a few quick PMs? Just trying to get something to work that should… but is not… Just need nudge on some syntax for foot fold.
@AwkwardUnicorn said:
Anyone able to take a few quick PMs? Just trying to get something to work that should… but is not… Just need nudge on some syntax for foot fold.
I will help if I can.