Official Tabby Discussion

I would appreciate a nudge to get foothold via PM.
Since release I have been stuck looking for -.xml.
All along I have been able to read /e
*/p****d via n**s.**p

Paths you see everywhere all the time are most likely not to help you a huge amount when it comes to finding this.
Package maintainers. File lists. Look & you will find.

Rooted! Thanks to @Silv3rDawg23 for nudge on foothold which was the hardest part of this box and most interesting.

Foothold:

It might be really hard to guess the path (although it’s easier to guess it than to enumerate it IMO). Everything you need is on the default page. All you have to do is a bit of guessing…

User:

This is pretty straight-forward. Just enumerate as usual.

Root:

Wasn’t too hard, but I was new to it. A common enum script reveals most of the needed info. After you collect that info, Google is your friend.

root@tabby:~# id; hostname;
uid=0(root) gid=0(root) groups=0(root)
tabby

I’d be happy to help someone who’s stuck :blush:

Finally rooted the box. Great box @egre55.

User wasn’t too obvious; attention to detail is key for this one. Went straight over my head and went down a fat rabbit hole, but the privesc - I was thinking to myself, I’m looking forward to a privesc with this technology. It finally came, thanks makers!

Rooted. Like many others have said, the first step is tricky, but once you get beyond that it really is:

  1. Find something with very simple enumeration
  2. Google which tool or script can be used for that something you found
  3. Run the tool or script
  4. Repeat steps 1-3 until root

Feel free to PM for any nudges.

Rooted!! :smiley:
Learned many things from the machine.
For foothold: You have everything in front of you; do some things locally as well to find out what will be happening on the machine.
For user: just enumerate the basics, and sometimes some things don’t belong to things you get from.
For root: a new concept for me and a very easy way to root the machine; see what your user has with him.

Rooted, nice little box. I missed the initial t****t port on my scan, which led me down a bad rabbit hole. The foothold → user was a ‘duh’ moment for me. I was annoyed at it not feeling ‘realistic’, but after thinking about it, it makes sense. Everyone is lazy, especially in crisis moments.

Foothold

Enumeration & google are your friends.

User

Remember that sysadmins are lazy.

Root

Again, look around at what’s running and google.

Last login: Wed Jun 17 21:58:30 2020 from 10.10.14.2
root@tabby:~# id && hostname && ip addr | awk '/inet 10.10.10/ {print $2}'
uid=0(root) gid=0(root) groups=0(root)
tabby
10.10.10.194/24
root@tabby:~# logout
Connection to 10.10.10.194 closed.

Need some help guessing the L**. I have installed the tomcat locally and tried to guess all the paths where the x*l might be located to no avail. PM me pls

There is a unix command faster than find that can help get the x** file path(s) if you have installed the app locally

Rooted. It was always fun learning new methods of privilege escalation. Indeed I read quite a bit for this box. Thanks box creator.

Look out for unusual stuff! Beware of the rabbit hole; if you think you’re digging way too long, you’re probably going in the wrong direction. If you find something strange, go for it!

Root was quite straightforward. Took less than an hour to do it because understanding this method of privilege escalation takes time & also my first time doing it. Haha

nudge me if you need help :smile:

@kcaaj said:

Paths you see everywhere all the time are most likely not to help you a huge amount when it comes to finding this.
Package maintainers. File lists. Look & you will find.

Was wondering if you could elaborate? I was shown the file path and still have no clue how someone is supposed to discover it. I also have seen the file listing you mentioned for the package in question from MULTIPLE maintainers and the one that contains the answer isn’t even for the correct OS.

@sloth1985 said:

Well, like a lot of other people on here I’m having trouble finding a certain file for the initial foothold. I’ve tried installing t****t locally as a few people have suggested and the file I am looking for is where it should be (two places in fact) but using the same path(s) on Tabby gives me nothing.

I’m a little bit stuck now.

Since you have installed it locally, I know that you know the location of the file, but the problem is with the box… For me, I was trying the right location but the box was sending nothing back, and I even tried in bu******e but no luck. But suddenly (I don’t know if anyone did a reset of the box) it worked!!!

Pro tip: Try resetting the box… especially if you are on a free server. And the location of the file is where you think!!?

@zweeden said:

@kcaaj said:

Paths you see everywhere all the time are most likely not to help you a huge amount when it comes to finding this.
Package maintainers. File lists. Look & you will find.

Was wondering if you could elaborate? I was shown the file path and still have no clue how someone is supposed to discover it. I also have seen the file listing you mentioned for the package in question from MULTIPLE maintainers and the one that contains the answer isn’t even for the correct OS.

There is something which can get you that file to proceed further - consider it chained in easy terms :wink:

pm for hints

Come on, guys. Don’t reset the machine unnecessarily.

@Karthik0x00 yes, absolutely, I was gonna say the same. Totally unnecessary.

I learned a lot on this one! Thanks @egre55 !

Foothold: frustrating, but the hints in this thread should be enough for first part
for second part, there can be multiple ways to get your file up there…
User: enum, find that file… you already found Tom, now poke around Jerry :wink:
Root: easiest part, just follow along, sometimes you want to be stuck in a box
+thanks for the box @egre55 , and to those who nudged me