Official Tabby Discussion

Finally rooted. Nice box with learning stuff in the TOMCAT part.

I think on the free servers someone “clever” deleted the usr files periodically. I can access web.xml and context.xml but 2 important files, no access at all. Same directory.

@chillson said:

I think on the free servers someone “clever” deleted the usr files periodically.

I too faced it.

Rooted. Very fun box, especially liked the priv esc to root :slight_smile:

The display image used in this machine is very appropriate, this is Tom and look for Jerry :wink:

@Karthik0x00 said:

@chillson said:

I think on the free servers someone “clever” deleted the usr files periodically.

I too faced it.

I don’t think this is the case. I’m on VIP and assuming I am looking in the same place you are as I’ve found those two files as well, but the other ones I’m looking for are not there.

Rooted!
~ # whoami && id
whoami && id
root
uid=0(root) gid=0(root)

Wow, what a box. IMO foothold is the hardest part. The rest is a breeze XD.
Thanks @egre55

Hints/Nudges:
Foothold: You have to read everything carefully. Make sure you don’t overlook ANYTHING! 1 tiny miss and you are going to be stuck for the next 1-3 hours.
User: Don’t go running away. Starts by slowly looking around. Look where you started.
Root: Basic PrivEsc will get you through.

Good luck to everyone who is still doing it :wink:

PM me for nudges

@nav1n said:

The display image used in this machine is very appropriate, this is Tom and look for Jerry :wink:

This is an amazing hint. Nice one!

Finally rooted …!! Wow, what a machine. Thanks to the maker of this machine.
DM for nudges…!!

Could someone give me a little nudge, I’m a total noob. I’m using the L** to look around in Tabby’s guts, but for some reason I get nothing back when I try to look at t*****-*****.l using the L. Any advice would be greatly appreciated.

Rooted
Nice box, I learned a couple of new things.

If you need a nudge PM me and show what i got until now.

Done and done.
root@tabby:~# id
uid=0(root) gid=0(root) groups=0(root)

Looking back after everything, sure, it was an “easy” box, though maybe, just maybe, it is on that border. Required some thought. But if you enumerated and practiced some google-fu it wasn’t bad. I do think some of it has to do with how hammered the box gets on opening days as well. I know I tried quite a few times some methods that did not work; suddenly an hour later the method worked.

To whoever deleted the past few sets of hints, they have said nothing that wasn’t already said in this forum.
Foothold: enumerate. Your choice of methods to get shell.
User: transition to that SHOULDN’T be too hard if you look at what you have access to.
Root: standard enum and some googlefu. It’s already been basically talked about in the forum so feel free to scroll up.

@egre55 nice box. You do still have a typo between the sales@ . com and .htb in there.

— you know the drill, will answer questions or provide nudges, but take the 10 additional seconds and explain what you have done first

Machine still working 80** seems down?

Edit: working like normal now.

@razntwn said:

Machine still working 80** seems down?

Still up for me.

Think I need a sanity check with what I am doing for user… or to try to get user. If anyone is down. Been easy up till now lol

Stuck on the road of guessing t*****-u****.x**, can someone provide a little help?
Please PM me, thanks!

Spoiler Removed

Been at this for 3 hours now. I keep hitting dead ends even with dir busting. Could someone give me a nudge please?

Nice machine, straightforward once you get foothold.

Some hints where I got stuck for hours (#1 & #2):

  1. What everyone’s looking for: don’t trust what you see … look behind the curtain or use something else which doesn’t need eyes [I probably hit it tens of times but dismissed it … decided to f**z it and was surprised]
  2. Foothold: Do it old school; like vi is to notepad.
  3. User: … (straightforward)
  4. Root: … (straightforward)

PM if I can help.

Man, definitely a bit stumped on how to get user. I’m enjoying digging deep into the t****t installation and doing some hardcore hunting. Been reading all the docs, which I’ve honestly never really done before. Found some interesting things, just not totally sure about the functionality of this thing yet or if it truly needs to be leveraged the way I’m thinking to get in.

I feel like I’m close but still hitting dead ends so far.