Official Tabby Discussion

Can anyone confirm if root on this box is really, really easy or did I use a box someone had left broken (just waiting for a reset to confirm!)

Ah, yeah, the box was left broken. People really are lazy.

Rooted! Very interesting box!

Initial: Read the documentation properly. If you can’t pass credentials then think of other ways to authenticate— API basics

User: I struggled here and got stuck in a rabbit hole. LinPEAS should give it to you right away.

Root: This is straightforward once you are here. Basic enumeration and Google will give you root.

Happy Hacking! DM for help, and if this is a spoiler please remove it.

@TazWake said:

Ah, yeah, the box was left broken. People really are lazy.

What issue did you encounter while rooting?

@gunroot said:

@TazWake said:

Ah, yeah, the box was left broken. People really are lazy.

What issue did you encounter while rooting?

First time round, my user account could do things as the super user without a password. After a reboot this was no longer the case.

Rooted - nice box overall

Foothold was the most annoying, but a lesson in reading what you have and reading the appropriate docs.
User, I spent more time on this, but that was my own stupidity. I was on the right track, just the execution sucked.
Root was enumeration, then Google and follow the instructions.

Rooted.

Hi - would love a nudge or DM. Have foothold as tabby, trying to go from 997 > 1000. Can’t see the wood from the trees based on other comments! … been enumerating for half a day and can’t see the obvious thing I’m supposed to. Found a *******_up.ip file, and a reference in gecos field to a non-existent user c. Am I on the right track? If so, I’m stumped…

@holeymoley said:

Hi - would love a nudge or DM. Have foothold as tabby, trying to go from 997 > 1000. Can’t see the wood from the trees based on other comments! … been enumerating for half a day and can’t see the obvious thing I’m supposed to. Found a *******_up.ip file, and a reference in gecos field to a non-existent user c. Am I on the right track? If so, I’m stumped…

Feel free to DM me

ROOTED!! Fun PE and fun box, especially once everyone stopped with the resetting. Thanks!

I have the credentials. How can I login to the mr? Or, how can I jump from the ht-Mr to the M***r?

Rooted, well, it was an easy-medium box for me.
Lots of little tricks everywhere along the road.
PM for a nudge.

@p3r14n3gr4 said:

I have the credentials. How can I login to the mr? Or, how can I jump from the ht-Mr to the M***r?

You don’t need to jump higher, current user can do it. Check the vendor’s docs as to what you can do with the powers of the ‘role’ you have. A bit of curley-wurley later, then to a txt mode will get you off to war soon enough…

ROOTED!

I had a lot of fun with this machine: I always like to play with the cat, even if the foothold was quite tricky, so thanks @egre55

Foothold: this was the most difficult part for me, I want to give you two tips:

  1. sometimes you “see” more without a GUI
  2. install and run that service locally, it helped me both with the LI and the WR

User: if a file belongs to who you are looking for probably it is useful…

Root: I realized what to exploit almost immediately (thanks Google) but then I wasted a lot of time due to a “location” issue. Nice technique btw!

As always, feel free to PM (here, not on my wall please) if you need help!

@TazWake said:

@gunroot said:

(Quote)
First time round, my user account could do things as the super user without a password. After a reboot this was no longer the case.

Oh! That’s awkward bro. Some people forgot to clear the tracks they created.

@holeymoley said:

@p3r14n3gr4 said:

I have the credentials. How can I login to the mr? Or, how can I jump from the ht-Mr to the M***r?

You don’t need to jump higher, current user can do it. Check the vendor’s docs as to what you can do with the powers of the ‘role’ you have. A bit of curley-wurley later, then to a txt mode will get you off to war soon enough…

Trying that, but “401 Unauthorized” always

@p3r14n3gr4 said:

@holeymoley said:

@p3r14n3gr4 said:

I have the credentials. How can I login to the mr? Or, how can I jump from the ht-Mr to the M***r?

You don’t need to jump higher, current user can do it. Check the vendor’s docs as to what you can do with the powers of the ‘role’ you have. A bit of curley-wurley later, then to a txt mode will get you off to war soon enough…

Trying that, but “401 Unauthorized” always

Try to enclose your pwd in single quotes in your command - there are a few characters in it that might be expanded otherwise… Also double and treble check the path in the address you call, it should be to m*****r not ****-******r

Thank you!!!

@holeymoley said:

@p3r14n3gr4 said:

@holeymoley said:

@p3r14n3gr4 said:

I have the credentials. How can I login to the mr? Or, how can I jump from the ht-Mr to the M***r?

You don’t need to jump higher, current user can do it. Check the vendor’s docs as to what you can do with the powers of the ‘role’ you have. A bit of curley-wurley later, then to a txt mode will get you off to war soon enough…

Trying that, but “401 Unauthorized” always

Try to enclose your pwd in single quotes in your command - there are a few characters in it that might be expanded otherwise… Also double and treble check the path in the address you call, it should be to m*****r not ****-******r

I gave you respect

@Achille said:

Root: I realized what to exploit almost immediately (thanks Google) but then I wasted a lot of time due to a “location” issue. Nice technique btw!

I think I have the same problem and, frankly, I think I’m going crazy. A little nudge, maybe?