Magic

anyone else get 404 99% of the time they try to execute RCE?

Rooted!

Root should have been quick for me, but the hints here were blowing right over my head. Thank you @TRX for this box!

Fun box. I’ve always heard about the priv esc method used for root but never actually seen it play out, haha. Great box!

Okay, after like 5 hours stuck at root, I’m conceding. I need a nudge. I’ve spied a couple of interesting things as user, but can’t make the connection, I guess. Help!

Finally managed to get the root flag, but couldn’t seem to get a full root shell. If anyone managed to get one, please DM me. I would love to learn how to do so.

@chaoskreator said:

Okay, after like 5 hours stuck at root, I’m conceding. I need a nudge. I’ve spied a couple of interesting things as user, but can’t make the connection, I guess. Help!

If you enumerate well you can find something running. Look at what it calls and change the road it uses.

@ricepancakes said:

Finally managed to get the root flag, but couldn’t seem to get a full root shell. If anyone managed to get one, please DM me. I would love to learn how to do so.

It massively depends on how you got the root flag. As far as I can see anyway you can get the flag could be modified to call a shell instead.

Finally got it. Root was a pain. Thanks to @TazWake for the nudge.

OOf finally rooted. Root was a bit tricky.

What is the best way to find issues like this?. It did show up in my priv esc script but it looked like a normal thing that is supposed to be in the system and skipped right over it. Anyone willing to discuss the root method?

Also i was having some issues seeing the output of root shell and redirecting stdout to stderr worked (1>&2). Not really sure if there is a better way.

PM if anyone need any hints.

I need help, I can’t escalate my priv. I already have the terminal… please help… thanks i want to learn more… please.

An absolutely wonderful box! Got a ton of fun solving it! Thx a lot @TRX

I need to know if I am missing something on Foothold or it there is something wrong with my box.

I have the valid creds to login… The issue is everytime I use them it just refreshes the current login page. It never actually let’s me login?

Type your comment> @DataLeak said:

I need to know if I am missing something on Foothold or it there is something wrong with my box.

I have the valid creds to login… The issue is everytime I use them it just refreshes the current login page. It never actually let’s me login?

Which part are you in? I already rooted the box. :slight_smile:

I rooted the box! Thanks all!

Finally rooted, my first medium box :slight_smile:
I needed some hints but very funny box. If someone is stuck read the complete thread there are many hints, if you combine them you get it for sure.

Finally rooted!!,
Thanks to @TazWake and @UGlz for their help.
“The devil is in the details”

i have both flags for this box, but neither of them are being accepted – is something up?

Type your comment> @hazel said:

i have both flags for this box, but neither of them are being accepted – is something up?

try to reset the machine… it happens to me before…

I have a shell for www-data and found creds for a db user, but i cannot for the life of me figure out how to use them :confused: any help here?

Rooted the Machine.
It is a pretty straight forward machine but somethings are misleading. Be sure to look carefully inside the details.

Initial Foothold: You can get past the gate without a key. Images can store other things too
User:enum and what you find will lead to what you need
Root:Make sure it uses something that you created

PM if you need help