Official Tabby Discussion

Type your comment> @Nihack said:

Stuck after getting the shell, any hint that gives me an idea of what file should i look for? spent hours browsing the whole machine xD

Try to search a file written by the user

Type your comment> @0xstain said:

Type your comment> @Nihack said:

Stuck after getting the shell, any hint that gives me an idea of what file should i look for? spent hours browsing the whole machine xD

Try to search a file written by the user

The file which need some hammering on it. Enumerate the entire dir which you get while landing your initial shell. Remember the user is lazy.

Rooted , thx for box

PM for nudge.

Done it, learnt a few interesting things.
Foothold: someone says is ctfy, someone not…well, I think it depends a lot on your mindset. If you are one who thinks that an easy machine should spoonfeed everything to go ahead, then yes, you can think it’s ctf.
If you think that a machine, whatever level should be, must drive you in a learning path, then it is not at all.
User: wysiwyg
Root: i literally spent hours trying to understand why i was failing despite doing exactly what was needed…then eventually i discovered that gaining a working shell sometimes is not enough…

Did the priv esc, but not sure if it was the intended path because it was unintended on some other boxes

Hi,

Get the shell as user t*****t but from here, don’t see any direction to find the user flag.
find all file that user have access, but just don’t get how to do this.
Any help will be nice

Well, Foothold wasn’t that easy to me, I think it’s difficult to guess and to deal with that service to do what you want to do. The rest, pretty straight forward.

Foothold: my hint is, try to read that file exploiting that L** vuln. Then you just have to use what you got, and read the service docs; using GUI is not always the best way to upload thinks, you can use other Terminal tools.

User: just enum, begin always near were you start, and look for files that you can read (can you?)

Root: well, It was new to me, so I had to spend long time checking l****um and other tools output… you need to know “who you are”, and then check what can you do with that at Google; you will found a POC to exploit that easily. This part is hard when you use free labs

PM if need a some help

Type your comment> @GoorMoon said:

Hi,

Get the shell as user t*****t but from here, don’t see any direction to find the user flag.
find all file that user have access, but just don’t get how to do this.
Any help will be nice

Have you identified the the username on the system you are trying to compromise? If so, then Google is your friend – search how to use the ‘find’ command to search the system for files owned by that user, and dig deeper… “the answer is out there, Neo, and it’s looking for you, and it will find you if you want it to…” (no - that’s not a hint or a nudge…)

Type your comment> @ricm916 said:

Type your comment> @GoorMoon said:

Hi,

Get the shell as user t*****t but from here, don’t see any direction to find the user flag.
find all file that user have access, but just don’t get how to do this.
Any help will be nice

Have you identified the the username on the system you are trying to compromise? If so, then Google is your friend – search how to use the ‘find’ command to search the system for files owned by that user, and dig deeper… “the answer is out there, Neo, and it’s looking for you, and it will find you if you want it to…” (no - that’s not a hint or a nudge…)

Thanks,

How i was stupid :slight_smile:

Type your comment> @GoorMoon said:

Type your comment> @ricm916 said:

Type your comment> @GoorMoon said:

Hi,

Get the shell as user t*****t but from here, don’t see any direction to find the user flag.
find all file that user have access, but just don’t get how to do this.
Any help will be nice

Have you identified the the username on the system you are trying to compromise? If so, then Google is your friend – search how to use the ‘find’ command to search the system for files owned by that user, and dig deeper… “the answer is out there, Neo, and it’s looking for you, and it will find you if you want it to…” (no - that’s not a hint or a nudge…)

Thanks,

How i was stupid :slight_smile:

We are never stupid… just stumped sometimes… it’s easy to NOT SEE what is right in front of you… in the past, when I was stumped while working on a project, I would go explain to someone what I was doing and where I was stuck, and usually just talking through it to someone else (who didn’t have to be knowledgeable with the subject matter, in fact better if not) would open my mind to what I was missing…

Good Luck!

@ricm916 said:
We are never stupid… just stumped sometimes… it’s easy to NOT SEE what is right in front of you… in the past, when I was stumped while working on a project, I would go explain to someone what I was doing and where I was stuck, and usually just talking through it to someone else (who didn’t have to be knowledgeable with the subject matter, in fact better if not) would open my mind to what I was missing…

Good Luck!

I cracked the pass after few minutes then get access to the box. and forgot about it :frowning:
Thanks again.

Type your comment> @GoorMoon said:

@ricm916 said:
We are never stupid… just stumped sometimes… it’s easy to NOT SEE what is right in front of you… in the past, when I was stumped while working on a project, I would go explain to someone what I was doing and where I was stuck, and usually just talking through it to someone else (who didn’t have to be knowledgeable with the subject matter, in fact better if not) would open my mind to what I was missing…

Good Luck!

I cracked the pass after few minutes then get access to the box. and forgot about it :frowning:
Thanks again.

outstanding! on to root for you!

Finally rooted!!
Learnt a lot of new things, thanks to the creator.

PM for nudges

Just got user… On to root.

For those that may have trouble getting the foothold path. I’d try locally like many have said.

For user… I feel like an idiot. Had the info I needed right in front of me and didn’t realize to use it for far too long. For those that feel stuck feel free to PM!

I don’t usually ask for help because most of the time it isn’t required by me, but this time it’s different, can someone PM me a nudge or something? I’m so stuck on the initial foothold and that xml file, literally tried everything, Repliacated the environment with the same vulnerability, works in my environment but not Tabby’s. Feel like I’m actually going insane. I know what to do, but don’t know what I’m doing wrong.

Finally got user but my shell is super unstable. I timeout or crash after inputting a few commands. I can’t ssh without a key, any tricks to make the shell more stable?

Rooted. I could finally get a couple of hours to work on this machine. My knowledge is focused on infrastructure and this machine has taught me a lot of web application tricks. Thanks @egre55
Thanks to @UGlz and @Zaitchev for his clues.
PD: The privesc for root was original.

Wow!!!

Finally rooted ! Thanks @ricm916
Thanks @egre55

was very fun :slight_smile:

I must say that this was (imho ;-)) the best “Easy” box in a while. The “cat” technology used is really something you will find millions of times out there in companies that are not startups using the latest fancy hyped technologies. So my irrelevant advice would be to pay attention, the box is very realistic.

i learn tons of new things

finally rooted, i hate foothold :smiley: and priv esc is really cool,i didn see this method before

thanks for this machine @egre55