Can’t root the box. Any nudges on how to use *** or is that a rabbit hole? Please PM
Rooted! Learned so much about this box.
I would appreciate a PM with any good read related to this exploit if possible.
i am stuck at the begining for 2 days now, i have found 2 ports the http and the ssh, brute-forcing dirs is useless. i can’t find any hint about where the vuln app is, can anyone pm me please
@3ll137hy said:
i am stuck at the begining for 2 days now, i have found 2 ports the http and the ssh, brute-forcing dirs is useless. i can’t find any hint about where the vuln app is, can anyone pm me please
I found nmap operating system scan useful.
a hint on how to escalate to user would be much appreciated.
I have been stuck there for a while, I found a hash and tried to crack but no luck.
I have the repo and been through it all the way but can’t figure it out
NVM got user,
Now to root
Got root and a big lesson learned.
Trying to get root.txt for a couple of days, but can’t make any progress. Could anyone help with nudge please (DM) ?
tsuller, rooted it today (with a nudge from markopasa). thanks!
@aanndd said:
tsuller, rooted it today (with a nudge from markopasa). thanks!
Awesome! If anybody wants some tip without spoilers, feel free to pm me.
i need a hint to get user shell after getting into the system . i tried many things but with no luck . is it a credentials i need to find or an exploit as i feel i lost my way .
Enumerate system, look what is running and if you cant use something.
i got admin account on the service , but i can’t execute commands using the exploit . thats why am lost
never mind i was so stupid XD
for all other people don’t fall to the rabbit hole, there is no rce exploit to get user access .
I came to say that this is an awesome box. On every spot epic! Thanks alot
got shell and trying to escalate… any1 wanna discuss/help PM me.
This is the most fun box ever Got stable RCE, can run ■■■■ as www user, no user access yet… but this is so fun it doesn’t matter much
anyone want to give a nudge? My RCE is fine, I can see the machine has something locally that smells of help with privesc to user, but I don’t have the creds really to access it…