Book

Got root with python and nc reverse shell but persistence is a problem gives me enough time to cat root.txt but would like to understand if I could keep persistence shell.

Any hints which reverse shell used? PM me?

@razntwn said:

Got root with python and nc reverse shell but persistence is a problem gives me enough time to cat root.txt but would like to understand if I could keep persistence shell.

Any hints which reverse shell used? PM me?

At once you got shell in NC, append your public key in authorized_keys. Then do stable SSH.
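
The reply above describes stabilising a throwaway shell by dropping a public key into authorized_keys. From the defending side that is precisely the file change to watch: an authorized_keys entry nobody provisioned is the persistence artifact. The following is an added example, not code from this thread or from any poster: a Python audit that parses authorized_keys lines (including the optional leading options field, which may contain quoted values with spaces), computes the OpenSSH SHA256 fingerprint of each key and reports any key whose fingerprint is not on an allowlist. The sample keys, comments and allowlist are constructed for the example; on a real host you would feed it the contents of each user's ~/.ssh/authorized_keys and /root/.ssh/authorized_keys and maintain the allowlist from your provisioning records.

```python
"""Audit OpenSSH authorized_keys content against an allowlist of key fingerprints.

Example code with constructed sample keys; nothing here comes from a real host.
"""
import base64
import hashlib
import struct

# Key types OpenSSH accepts in authorized_keys (common subset; extend as needed).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-dss",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


def _ssh_string(b: bytes) -> bytes:
    """Length-prefixed string as used in the OpenSSH public-key wire format."""
    return struct.pack(">I", len(b)) + b


def build_ed25519_blob(pubkey: bytes) -> str:
    """Encode a raw 32-byte Ed25519 public key as the base64 blob seen in authorized_keys.

    Used here only to construct sample data; real keys come from ssh-keygen.
    """
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(pubkey)).decode()


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _split_first_field(s: str):
    """Split off the first whitespace-delimited field, honouring double quotes.

    The options field may contain quoted values with spaces, e.g.
    command="/usr/bin/some tool", so a plain str.split() would break it.
    """
    in_quote = False
    for i, ch in enumerate(s):
        if ch == '"' and (i == 0 or s[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return s[:i], s[i:].lstrip(" \t")
    return s, ""


def parse_authorized_keys_line(line: str):
    """Return {options, type, blob, comment, fingerprint}, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first, rest = _split_first_field(line)
    options = ""
    if first not in KEY_TYPES:          # leading field is the options list
        options = first
        first, rest = _split_first_field(rest)
        if first not in KEY_TYPES:
            raise ValueError(f"unrecognised key type: {first!r}")
    blob, comment = _split_first_field(rest)
    return {
        "options": options,
        "type": first,
        "blob": blob,
        "comment": comment,
        "fingerprint": fingerprint(blob),
    }


def audit_authorized_keys(text: str, allowed_fingerprints):
    """Return (line_number, entry) for every key whose fingerprint is not allowlisted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_authorized_keys_line(line)
        if entry is not None and entry["fingerprint"] not in allowed_fingerprints:
            findings.append((lineno, entry))
    return findings


# --- constructed sample data (not real keys) ---------------------------------
APPROVED_KEY = build_ed25519_blob(b"\x01" * 32)    # the key the admin provisioned
UNKNOWN_KEY = build_ed25519_blob(b"\x02" * 32)     # appeared with no change record

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# keys managed by config management",
    f"ssh-ed25519 {APPROVED_KEY} admin@bastion",
    f'command="/usr/bin/some tool",no-pty ssh-ed25519 {UNKNOWN_KEY} backup',
])

ALLOWLIST = {fingerprint(APPROVED_KEY)}

if __name__ == "__main__":
    for lineno, entry in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, ALLOWLIST):
        print(f"line {lineno}: unexpected {entry['type']} key {entry['fingerprint']}"
              f" comment={entry['comment']!r} options={entry['options']!r}")
```

Fingerprints rather than raw blobs are what to keep in the allowlist, because they match what `ssh-keygen -lf` and most audit tooling print, which makes a finding easy to cross-check against provisioning records. Pairing the audit with file-integrity monitoring on the same paths catches the write itself, not only its result.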

@gunroot thanks … the simplest solutions are the most elegant; I have to not overthink it, like trying a bunch of different shells with the same results … storing this info for next time.

Finally rooted the box. It was a great learning experience thanks to @MrR3boot. The best “Book” I ever read :wink:
However, I would have been stuck on a few points forever if @TazWake hadn’t nudged me.

The initial foothold was the most interesting part to me, as I had never seen this vulnerability before.

From there, user was a piece of cake.
However, I’ve been struggling with root because, even though I knew how the exploit works, I didn’t know how the service exactly works and thus could not trigger it properly, which turned out to be really easy.

Thanks!

Can someone PM the article mentioned to understand the vulnerability to override the a***n creds?

@MrR3boot - Great box!!! Learned a few things.

For hackers attempting this box, most of the hints are on this forum. I will just summarize for ready reference.

Initial foothold - enumerate the site. dirb and dirsearch are good tools to use. Pay attention to the data you see after you register and log on to the site, anything that has @ in it. Using this information, try to register and get access to the second console.

user - This was the most difficult part for me. Pay attention to data you input on console 1 and see how that data is rendered on console 2. Great learning!!

Root - pay attention to enumeration tools like linPEAS or LinEnum and take hints from them. It is easy to miss. (In my analysis, I missed the critical info initially.)

Feel free to DM me or catch me on the Discord channel if you get stuck.

@Morlax said:

Can someone PM the article mentioned to understand the vulnerability to override the a***n creds?

If you are still stuck, drop me a PM.

Rooted this box. Tad frustrating. After I got past the foothold I was kicking myself for not seeing it sooner; I had even looked right at the relevant information. After that, it felt like you needed to make an educated guess on what to google to get user. Might be tough to make that leap.
Root was interesting; it wasn’t too hard to figure out the path once you had user. The problem might just be getting it to work.

My advice for root would be to make sure you really understand what the exploit is doing. Read it, read blog posts about it, don’t just blindly launch it and cross your fingers. If you’re confident it should be working, and it isn’t, reset the box.

DM me if you need a hint, but I’m a lot more responsive on Discord if you’d rather message me there.

GotRoot!

This one was interesting. I really did love the machine, but for some reason I really had trouble with root. Either way, a lot of the exploits were creative and different, which I liked, and this box definitely makes you think about how you can leverage multiple areas of the box to get a working exploit.

Foothold

Overflow is your friend. Can’t say much or else it will give it away, but this one is tricky to find; you just need to do a lot of Googling. Once you’re in, see how you could leverage your new-found access to your advantage and google around for exploits.

User

Get the keys to the kingdom

Root

I had such an issue with root and was overthinking it for a while, since I’d never seen this priv esc before. Make sure to be spying and search for specific topics relating to what’s in your home. After that, do a lot of reading online and change some things up.

If you need a nudge feel free to PM me
@MrR3boot Thank you for an amazing box

I’m running into a wall on the initial foothold and am hoping to get some assistance. I’ve tried several things; I think I have a general idea of what I need to do, but I can’t seem to nail it. My google-fu on the technique is failing me, so I haven’t been able to find any articles that might help.

A nudge would be cool :wink:

Wow rooted :slight_smile: I liked this box
Initial foothold was so time consuming (I spent so much time!)
Root is easy if you know what to exploit!!

If you are stuck, I’m happy to help.

Rooted!
PM me if needed

Rooted! It was a bit of a hard box since I didn’t know that specific attack vector.
Special thanks to @rub1ks for that deep patience in teaching me… :love:

Foothold: Enum Enum Enum… Don’t overthink it, it’s pretty straightforward… just an advice, sometimes you must go beyond your limits to find your true potential… And always remember that a true warrior makes what he wants :wink: This one will be tricky if you don’t know about that type of attack vector…

User: Sometimes 2 things may look the same but can have different accesses… careful enum will show you that something is reused somewhere else… give what it asks for and trick it to get your keys to the kingdom :smiley: … always keep in mind that going forward is better than going in reverse :wink:

Root: enumeration is the key… pspy did the trick for me… once you find what you need, simple googling will give you the exploit… But make sure that what you use is there in the box (this got me into a rabbit hole :unamused:)… Let me remind you that empty pockets are worthless and also you need to be fast enough to get the keys to the kingdom… :naughty:

Hope that I am not spoiling the box! :blush:

Feel free to DM if you need any help… :sweat_smile:
You can also find me on Discord: ciphercode#4438 :naughty:

@ciphercode said:
Special thanks to @rub1ks for that deep patience in teaching me… :love:

Happy to help! :wink:

Rooted! This was a really fun box! :slight_smile:

Rooted !
Feel free to PM me for nudges

Rooted.
This was an interesting machine, as it had a very different kind of exploit which requires you to really think about the ways you can use the exploit.

Foothold: Log in as a user and try to steal his identity. Make sure you always “text”.
User: try to change the data you download.
Root: look at home and look for something out of place, and then rotate your way to root.

PM me if you need help.

Hi,
Need some help with root.

I have identified the vulnerable service and the exploit. I am having a hard time triggering the exploit. I point it to a file that ends with .1 (I hope this is the right one) and the exploit runs when I edit the file, but nothing happens. I have tried multiple payloads but all failed.

Can someone PM a hint.

■■■■ It worked when I reset the box.

If anyone wants any hints, feel free to PM.

Just wait, maybe? If you read the details of the exploit, a final crucial event must happen. The box creator has taken care of this… patience… and when you get in, look around and see how it was done… but be quick!

Just trying to be better!