Admirer

rooted! If anyone need help just DM
TambiƩn en espaƱol :wink:

Root it :blush: thanks for @ka1z3n for help

Admirer done. Really enjoyed this. A good logical path through to user with some rabbit holes along the way for good measure. Root was easier and good example of a technique I was aware of, but have never done before. Thanks to @GibParadox & @polarbearer
As others have said read everything and try to understand what it is telling you. Learnt how to better use tools I knew and some I didnā€™t.
Happy to provide nudges. Feel free to PM.

Finally rooted this machine
Thanks @mervan and @hughesdg for the final nudge
It was fun and a logical machine foothold was frustrating but once you understand, it becomes easy

Foothold:look at what robots have to say. Go to the place they point and enumerate and enumerate till you reach the gate,

User : Read the file which you visited at the very beginning and that has the necessary thing, use that to get inside the machine

Root : Past is the answer to your problem.

PM if you need help

Why does it keep saying my root and user hashes are incorrect :frowning:

Type your comment> @sudozeus said:

Why does it keep saying my root and user hashes are incorrect :frowning:

You donā€™t need any hashes to get user or root.

Type your comment> @ion0x0 said:

Type your comment> @sudozeus said:

Why does it keep saying my root and user hashes are incorrect :frowning:

You donā€™t need any hashes to get user or root.

No i got root and user and the .txt flags wont submit

I think user.txt and root.txt change on every box start

Type your comment> @sudozeus said:

Type your comment> @ion0x0 said:

Type your comment> @sudozeus said:

Why does it keep saying my root and user hashes are incorrect :frowning:

You donā€™t need any hashes to get user or root.

No i got root and user and the .txt flags wont submit

You mean flags? Okay. You need to get through all the way one more time and submit the flags once you get them.

Today I learned that p***** m***** i***rt can be used for privesc and my mind went BOOM!

canā€™t i find creds file, what wordlist is correct for to find file ?

Type your comment> @mrf4thack said:

canā€™t i find creds file, what wordlist is correct for to find file ?

Normal wordlists will get it. version b.c

Type your comment> @Karthik0x00 said:

Type your comment> @mrf4thack said:

canā€™t i find creds file, what wordlist is correct for to find file ?

Normal wordlists will get it. version b.c

nothing yetā€¦

I canā€™t find the login page.

Finally got rootā€¦ this box took me a loooong time to get and I needed a lot of hints which I took from this thread. In retrospect I overlooked a few obvious things early on which slowed me down and caused me no end of frustration when I couldnā€™t even find a breadcrumb to the foothold, and there are definitely a lot of red herrings with all the credentials you can find in various placesā€¦ getting user was pretty easy once I figured that out.

Honestly though I think the root priv esc was the most annoying thing about this box. For sure, now that I know the method, I think itā€™s very interesting, but unless you happen to be a fairly competent p***** dev, I think itā€™s very esoteric, and not at all obvious from looking at the files that there might be an exploit there. I wasted literally days stuffing around with cbs and ev to no avail. In the end, it was only that someone else left a file lying around in the home directory which pointed me in the right direction.

Still, Some good lessons were learned.

Rooted. I spent a few days with this box. There were definitely some aspects that, looking back, I over complicated. One of the tough parts is that thereā€™s a lot of white noise. Youā€™re giving a lot of data that you can, ostensibly, exploit but it doesnā€™t pan out.

My one real hint is for root. The vector was obvious to me, but I botched setting it up hard and it cost me hours of pain. Donā€™t set snake paths only locally.

DM me if you need a nudge or to talk out a vector.

Thank you @polarbearer and @GibParadox for the box!

finally rooted! I struggled most with the initial enumeration mostly bc I just got impatient and frustrated. user was fun and interesting, took me a couple nudges to find the page. I had the most fun with root, very interesting exploit. I will be making sure I never make that mistake when Iā€™m programming lol.
PM for nudges

A tricky box, but learnt new things from it. Enum is great, just avoid rabbit holes and read carefully for hints. Google-fu for exploits, if needed, and youā€™ll have root in no timeā€¦ Sadly it took me a bit of time though.

Ok i,m Stuck and need a push in right direction.

Currently trying to find the login page.

Type your comment> @cycloneripper said:

Ok i,m Stuck and need a push in right direction.

Currently trying to find the login page.

There are a ton of hints on this post regarding that question. You said you are trying to find something. How are you searching? What have you done?