Official Tabby Discussion

@x03 said:

L** is there - user guess is ok with 1000 under ***d - a, tried locating *-.xml but not able to find data for login … is it the correct path?

same here. was able to get some information about the exact location of where it’s running from, but no success on the -.x*

@Dviros said:

@x03 said:

L** is there - user guess is ok with 1000 under ***d - a, tried locating *-.xml but not able to find data for login … is it the correct path?

same here. was able to get some information about the exact location of where it’s running from, but no success on the -.x*

Finally got it. Now I'm trying to start something, but for now it fails.

Finally moved past the part I was stuck on for ages, which most of you are/will be…
What you’re seeking isn’t in a well-known place…

Spoiler Removed

I’m starting to think the tc creds are a rabbit hole haha. This is weird.

@chicxulub said:

I’m starting to think the tc creds are a rabbit hole haha. This is weird.

Yeah… Passing one obstacle seems to present an even weirder one.

at least I’m learning to try and push the limits of L** …
/pr** and /ec have interesting files that can be read, but none helpful so far
need a better tool than B** that can sort responses by length, not by status code

@Zoinks said:

at least I’m learning to try and push the limits of L** …
/pr** and /ec have interesting files that can be read, but none helpful so far
need a better tool than B** that can sort responses by length, not by status code

At this stage no tools are necessary.

@Rocketeer said:

@TazWake said:

People asking for nudges / hints - the box has been up for under two hours with about <5 people getting root. Calm down a little, practice some patience and enumerate more.

You can’t tell us what to do and what not to do in this forum, it’s a completely open forum and everybody can write whatever they want in here. It’s the people’s choice to answer the questions or to ask them.

What is with this aggressive response? Taz made a sensible post regarding early box nudges. Calm down buddy!

Any hints after L**? Tried every approach, the log ones and the procs one also, but got nothing. Tried to get ssh keys and tomcat files, but nothing.

@liquidrage said:

Any hints after L**? Tried every approach, the log ones and the procs one also, but got nothing. Tried to get ssh keys and tomcat files, but nothing.

Put yourself in the shoes of the person who installed tomcat.

Edit: Just rooted this box no more than 5 minutes ago. Fun box, learned a few things. Often found myself going around in circles when the way out was under my ■■■■ nose. Foothold is the most challenging part. After that it’s a breeze.

Stuck at L** … any nudges in the right direction?

Pretty straightforward and fun box. Learned a lot!

My only hint.
Foothold: If you know what’s running, you’ll eventually know where to Look For Items. Enumerate.

root@tabby:~# whoami; id; hostname
root
uid=0(root) gid=0(root) groups=0(root)
tabby

rooted :slight_smile:

I could access a number of files from tomcat in /usr and /var, but not from /etc. Any hints?

Finally, got it.

My honest point:

The foothold is completely clueless. I know there is “some sense” behind it … but this is another one of those CTF-style steps. I don’t mean that this is all bad, it all depends on what you are looking for when solving a box. For me … this was not “real life” at all.

For those who are stuck on the foothold … well, pay attention to the information on a particular page. That’s all I can say without spoilers.

User: I know you are seeing that file… Yes… go ahead, it is there.
Root: Basic enum. You will notice something unusual.

Got a low priv shell, but no attack vectors for user…

@Rocketeer said:

Got a low priv shell, but no attack vectors for user…
Same here, I have a shell but nothing further.

Need a hint for privs.

Got user, I need hints for root.