Rooted after going down a couple of rabbit holes, but had fun in the process and shout out to @HurricaneSYG for the sanity check.
nice box so far, having trouble advancing from foothold though.
This exploit may require manual cleanup of ‘.*****’ on the target " - I am pretty sure that this wasn’t intended. I can’t advance further with this maybe reseting the box will help. Cause we dont have permissions to write on any files from foothold
Did anyone root this machine manually? I am successfull using msf but as I am preparing towards OSCP I want to do manual exploitation. Can anyone help me pls?
initial foothold and user: way too much magic for my liking and rabbit holes because common tools not working/not being enough…
Rooted! nice and easy box
Having fun on this box, started about an hour ago. what i need to say though is can people please clear their artifacts i.e.e leftover scripts and files as it gives away the game to easily.
I would normally have reset before I started but not when a box is this busy.
Spoiler Removed
Ok, I’m bit stuck at root. I’d appreciate a nudge.
I found a screenshot of the root.txt in a user’s directory, is it intended?
Type your comment> @Nism0 said:
Ok, I’m bit stuck at root. I’d appreciate a nudge.
Okay! Refer recent vulnerabilities on privilege escallation!
Spoiler Removed
Type your comment> @Nism0 said:
Ok, I’m bit stuck at root. I’d appreciate a nudge.
Just google one thing, that you will eventually find while looking for privesc.
Finally found the password with a helpful nudge from @Karthik0x00 . Turns out I had the correct password in my custom wordlist but my fuzzer breezed right through it. I have a hunch about what went wrong but I’d rather not discuss it publicly. Is anyone available to PM about the networking side of things?
Just rooted, thanks to @Karthik0x00.
Cool bug for getting root, but I’d not figure this out by myself.
Kudos for those who did that by themselves!
Rooted the box, it was a new way for me compared to how I might normally do that privesc.
Enumeration is key, no need for brute force at all. foothold to user 10 minutes, user to root 2 minutes.
As with most cases getting foothold is the toughest part.
Fun box
Rooted! feel free to dm for any nudges
Nice box but ran into a lot of problems along the way, needed some help to get back on track…
For User if you found u****.p** in one place maybe look for another one
Will be happy to give nudges if you need one!
I could use a nudge if anyone wants to help… I have my foothold and I can read the filesystem (I see the two flag files) but I can’t figure out how to escalate my privileges. Please DM!
Thanks heaps for the fun box!!!
User was pretty fun , root took me a while cuz I stepped way too far and went down a rabbit hole of hezza! Got there in the end tho!
Many thanks