And rooted. The foothold was one of the trickiest parts. I was so confused when i couldn’t find the directory until I realized that capitalization is important.
Thanks to @ChefByzen for the awesome box
I liked a lot this machine. For the users part it was very easy but the root part very difficult to find what ti is juice. I appreciate who nudge me to root, address me where to look in.
just rooted this box, but the way I rooted it was more of guess work, does anyone care to PM me about how you got to know about this exploit. And someone in the discussion said that there are more then one way to get to root, anyone wants to discuss about it?
hey everyone ! I’ve been stuck on root for a long time and clues here don’t really help me… Tried a bunch of stuff, enumerated a lot but I’m clearly missing something (but I’m a beginner)…
hey everyone ! I’ve been stuck on root for a long time and clues here don’t really help me… Tried a bunch of stuff, enumerated a lot but I’m clearly missing something (but I’m a beginner)…
When you enumerate, look at all the files you can find which would normally come up on a enum search. Check them out and see if any can be exploited. There is a good blog post on how to use it.
Rooted !
Thanks @TazWake and @ChefByzen for the nudge, I totally missed the file, thinking it was not supposed to be here…
Really fun box, learned a lot on this one
got both users fast but stuck on root for several days… cant find anything interesting in home directory my thoughts were that i can do smthing with .X**** file but i still cant find decision. can anyone help me please to take me in right way? PM or here.
thank you!
got both users fast but stuck on root for several days… cant find anything interesting in home directory my thoughts were that i can do smthing with .X**** file but i still cant find decision. can anyone help me please to take me in right way? PM or here.
thank you!
got both users fast but stuck on root for several days… cant find anything interesting in home directory my thoughts were that i can do smthing with .X**** file but i still cant find decision. can anyone help me please to take me in right way? PM or here.
thank you!
To those who stuck on root - you can be sure you’re on the right way staying home, and also don’t forget to watch for processes running by root. I hope it’s not much of a spoiler. If you cannot find any interesting file inside home, read all the files again and again, you’ll finally get what you need. pspy might help you connect some dots together, and direct you to the correct path. And the last - always take it easy, don’t get frustrated.
To those who stuck on root - you can be sure you’re on the right way staying home, and also don’t forget to watch for processes running by root. Pspy might help you.
This is wrong/unintended. Try the same after resetting the machine. You can’t see what you saw already in ‘ps’ and ‘pspy’ will not connects the dots together. This happens when you doing the machine which is already compromised by someone and left it in broken state. Make sure to reset it and try again.
To those who stuck on root - you can be sure you’re on the right way staying home, and also don’t forget to watch for processes running by root. Pspy might help you.
You can’t see what you saw already in ‘ps’ and ‘pspy’ will not connects the dots together.
Actually I saw that thing everytime I ran pspy, and I ran it many times to be honest, as I spent 1.5 days working on the machine. I was just unable to notice it, or maybe I was, but even the idea of it being the way to go seemed idiotic to me.
Reading hints here not only doesn’t help one, it implicitly makes it even worse for the following reasons: these hints are confusing, non-making any sense, make you question your current direction and, finally, your own skills. There’s only one percent of 1% who really bother to provide useful hints and not leave a spoiler (pretty hard) to those who really need help and are stuck, the rest just bother to show everyone they haxed the machine, that they have skills or something like that.
So, I strongly recommend always follow yours own intuition, and if you need a hint, you can just DM someone and ask them to give you a clear hint, as hints that are meant to be useful and not spoiling at the same time are very confusing, and unlikely are to help.
@carbide don’t take it deep. I’m also pwned this machine exactly the same way you did. For a clarification, I asked the Machine Creator if this is the way or not. He said that my way is an unintended method. So I again did the root part after resetting in the intended way.
Moreover, people can’t give a direct hint here as it will be flagged as spoiler. All they can do is providing a blurry pointer to us.