Official Blunder Discussion

Rooted after going down a couple of rabbit holes, but had fun in the process and shout out to @HurricaneSYG for the sanity check.

nice box so far, having trouble advancing from foothold though.

This exploit may require manual cleanup of ‘.*****’ on the target " - I am pretty sure that this wasn’t intended. I can’t advance further with this maybe reseting the box will help. Cause we dont have permissions to write on any files from foothold

Did anyone root this machine manually? I am successfull using msf but as I am preparing towards OSCP I want to do manual exploitation. Can anyone help me pls?

initial foothold and user: way too much magic for my liking and rabbit holes because common tools not working/not being enough…

Rooted! nice and easy box

Having fun on this box, started about an hour ago. what i need to say though is can people please clear their artifacts i.e.e leftover scripts and files as it gives away the game to easily.

I would normally have reset before I started but not when a box is this busy.

Spoiler Removed

Ok, I’m bit stuck at root. I’d appreciate a nudge.

I found a screenshot of the root.txt in a user’s directory, is it intended?

Type your comment> @Nism0 said:

Ok, I’m bit stuck at root. I’d appreciate a nudge.

Okay! Refer recent vulnerabilities on privilege escallation!

Spoiler Removed

Type your comment> @Nism0 said:

Ok, I’m bit stuck at root. I’d appreciate a nudge.

Just google one thing, that you will eventually find while looking for privesc.

Finally found the password with a helpful nudge from @Karthik0x00 . Turns out I had the correct password in my custom wordlist but my fuzzer breezed right through it. I have a hunch about what went wrong but I’d rather not discuss it publicly. Is anyone available to PM about the networking side of things?

Just rooted, thanks to @Karthik0x00.
Cool bug for getting root, but I’d not figure this out by myself.
Kudos for those who did that by themselves!

Rooted the box, it was a new way for me compared to how I might normally do that privesc.

Enumeration is key, no need for brute force at all. foothold to user 10 minutes, user to root 2 minutes.
As with most cases getting foothold is the toughest part.
Fun box

Rooted! feel free to dm for any nudges

Nice box but ran into a lot of problems along the way, needed some help to get back on track…
For User if you found u****.p** in one place maybe look for another one :slight_smile:
Will be happy to give nudges if you need one!

I could use a nudge if anyone wants to help… I have my foothold and I can read the filesystem (I see the two flag files) but I can’t figure out how to escalate my privileges. Please DM!

Thanks heaps for the fun box!!!

User was pretty fun , root took me a while cuz I stepped way too far and went down a rabbit hole of hezza! Got there in the end tho!

Many thanks :slight_smile: