Official Tabby Discussion

@Ac1d0 said:
Hello everyone, I was able to get t***** shell but I can’t find any way to get into a**… can someone give me a nudge?

Find files written by the user, for the user?

Type your comment> @limbernie said:

@Balzabu said:
Hello everyone, I was able to get t***** shell but I can’t find any way to get into a**… can someone give me a nudge?

Find files written by the user, for the user?

I can’t seem to find anything… ill keep trying!

Edit: I’ve managed to complete the box! Thanks again to @rub1ks and @limbernie for their precious help!

Got root. Have to admit, was getting pretty frustrated looking for that file during user phase. Once I found it though it was pretty smooth sailing to root.
Fun box. I’m probably going to back into it when I get some time and really try to understand everything that was going on.

Dm for help. I’m more responsive on Discord tho.

What the Heck!! I rooted this box twice, but there is no root.txt at all !!

UPDATE
Rooted and captured the root flag.

found it

I feel so dumb. I’ve been giving the system a shake down for user creds and I’ve had them for 2 days…helps to sleep I guess .

Rooted! The first machine I rooted without a single nudge:') Thanks for the awesome box @egre55 , had a ton of fun:D Feel free to DM me if you feel you’re stuck

Type your comment> @termtype said:

Type your comment> @7h3B4dg3r said:

I’ve been trying for hours to upload a war file with curl, but all I get is a “401 - Unauthorized”. Is there another user apart from t****t that i need to find to get there or did I just messed up the commands?

Probably the syntax of your command, you have the correct user to do the job as it has the manager-script role.

I got it. I was providing credentials in a wrong way. I captured my curl command with Burp and it was pretty obvious.
If someone else is having the same problem analyze what your sending.

Thanks for the nudge.

Rooted, fun box. Feel free to pm for a nudge. Tell me what you’ve already tried though.

I’m keen to understand why the L** path to get the coveted foothold creds file is what it turns out to be, its not making sense as to why logically that’s the full path.

Anyone up for sparing a minute and shooting me a PM to enlighten me?
I did install locally as well.

P.S. Have already got root etc after an initial path nudge from @gunroot (cheers again!), just trying to understand the initial part.

Cheers!

Cheers @HomeSen for the explainer, makes more sense now

Rooted Tabby. If anyone need nudge can pm me.

I got access to host-manager and i found way to deploy file. But i get the message “FAIL - Failed to deploy application at context path”

Yess: rooted!
Very cool box. I knew about root priv sec method, but newer tried it before. Thanks for that!

Uff Finally rooted!

Feel free to message me for any kind of nudges!

But let me know where you are in the box journey…

Nice and good box. But I hate getting the initial foothold. It sucks me.

Please DM me can’t get user from t*****. Is ba****.z** a rabbit hole?

Type your comment> @sn0b4ll said:

Good machine. If you are stuck with l** not finding the i**** or other strange errors, don’t try to run the commands from /tmp/ but from some user folder.

#THIS

:+1:

I’m still looking for the user file. I think I know the path because I can read the t****t.service file. But no luck so far with that route. Can you help me please?

how are people getting the L*** thing?!
is it from directory bruteforcing?

Type your comment> @in3vitab13 said:

how are people getting the L*** thing?!
is it from directory bruteforcing?

Look behind what you see.