Official Feline Discussion

Rooted. Fun box, not too hard for a hard box but definitely not easy.
PM me if you need a nudge but be prepared to tell me what you’ve tried first.

Rooted, good box with lot of learning points.
Let me know if you need any help but tell what you tried to avoid me any spoil

path is web link without security ???

Pretty sure I am looking at the intended exploit. Can someone point me to some good reading material for the exploit?

I’m not able to get the required code for SUCCESS

Edit: Rooted the box

root@VirusBucket:~# whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root),1(daemon),2(bin),3(sys),4(adm),6(disk),10(uucp),11,20(dialout),26(tape),27(sudo)
VirusBucket

I loved this one because I’m very interested in learning more about exploiting the type of vulnerability required for foothold.

This box was quite a lot of work, but got there in the end. Got stuck on user a bit because I thought I had everything I needed, but I didn’t. Thanks @m1r3x for pointing that out.

The lateral movement taught me something I didn’t know yet.

Root wasn’t too bad because the way was clear, just needed to put in some time, trial and error to get everything right.

Let me know if you need help

Great box, loved the privesc part.
Can offer help if you are stucked

Where is the root.txt? I just reset the machine and still not in the usual place.

Type your comment> @DrinkACoffee said:

Where is the root.txt? I just reset the machine and still not in the usual place.

are you sure you are not in a container?

Type your comment> @m1r3x said:

Type your comment> @DrinkACoffee said:

Where is the root.txt? I just reset the machine and still not in the usual place.

are you sure you are not in a container?

Yup, lol. I found out 1 minute after I posted this haha.

Thnx!

Rooted! Very, very nice box. Learnt a lot from this.

DM if you need nudges

Invalid request
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
curl: (26) Failed to open/read local data from file/application

curl: (28) Failed to connect to 10.10.10.205 port 8080: Connection timed out

howdy everyone, nice box, I am having trouble with the masonry/carpentry tool ?, appreciate a PM.

@scorpion4347 said:

curl: (28) Failed to connect to 10.10.10.205 port 8080: Connection timed out

It looks like curl failed to connect because the connection timed out.

@TazWake said:

@scorpion4347 said:

curl: (28) Failed to connect to 10.10.10.205 port 8080: Connection timed out

It looks like curl failed to connect because the connection timed out.

We got ourselves a comedian, ladies and gentlemen. :lol:

@metuldann said:

We got ourselves a comedian, ladies and gentlemen. :lol:

Thanks, I try my best.

this is the place to learn new things!!!

@scorpion4347 said:

this is the place to learn new things!!!

Along with learning, it is really fun to do. :wink:

Type your comment> @TazWake said:

@scorpion4347 said:

curl: (28) Failed to connect to 10.10.10.205 port 8080: Connection timed out

It looks like curl failed to connect because the connection timed out.

LOL

Rooted but with some sense of guilt.
I want to be totally onest: while googling i casually dropped into a spoiler and when i was completely lost for the root path i took some “inspiration” from it.

Foothold/user: here i had a pretty clear picture of the process, but i could not find the right “tooling”. Got a nudge (thx @ricepancakes) to get to user, then i went there…

root: That’s when i fell into temptation. I was struggling to find a possible path.
Yeah, i saw a lot of things using a common enum script, but i totally missed the point about getting deeper. there i started googling a little bit “too hard” and i fell into the spoiler…i did not took it as a whole. i took just a hint and i tried to get back to my blocking point to see if i could ever be able to spot the way. There i have felt dumb, because the thing to look at was plainly in front of me and i didn’t noticed.

I kinda feel to have cheated for this, thus i am not really satisfied. I spent an hour and a half thinking if it was right or not to submit the root hash… ?