Poison

Just rooted.

There is a lot of great advice on here, but I’ll be honest, almost none of it helped me. It’s easy to give vague references when you already know how to pwn the box. Most of the time, I find myself going back through the comments on a box I owned just to understand some of the comments I read about beforehand.

So constructive advice I have:

  1. Get into a routine, approach every box the same way. That way, you can understand when something is out of place. If you find new techniques or tools, add them into your routine.

  2. Learn how to learn. These forums aren’t here to give you the answers, they’re here to encourage you to put in the time and the effort to pwn the box. If you aren’t willing to put up, then shut up. Reach out to specific members for piecemeal advice as needed, but not to gain an answer about pwning the box, but rather to increase your understanding of what you are trying to accomplish. To be fair, those two do occasionally go hand in hand.

  3. Work at it. Go beyond your comfort zone. Put in the time to learn something completely new. This whole box for me was completely new. I had no idea about any of it, but I studied for about a week on the service in question, and got familiar with its functionality.

Thanks to this box, I’ll never forget it.

Cheers

This is one of those you try something you think should work, and it doesn’t so you move on and go down a useless rabbit hole. So everything has been said in this thread. All the comments about enumeration are right. And enumeration isn’t hard. One or two simple commands will reveal the right path. There’s really only two options once you see the path so go for the easier one.

Then comes execution. Assuming you set it up right, my recommendation is you read the man page of the tool/client/thing you’re using to get root. That will open your eyes to possibilities of what you can do with your current resources.

This last comment relates to an issue I encountered on execution so it may be irrelevant, but if you use the material from the man page in your command/execution, it may work, but if it doesn’t and keeps spitting out the help message, try augmenting the command and stick with it.

Above all, ignore the comments about “poison” and posting of videos. I went down some rabbit hole trying to use the mixer on the system and special file which was dumb. The path is pretty standard though does require enumeration, some knowledge of the services running (though pretty basic knowledge), and understanding how to do the thing to make the thing possible.

PM for hints.

Yeah this one is not all that complex, I did enjoy it, and no brute forcing of any kind is needed on anything. Everything is provided.

I must just be plain simply blind.
Decoding the password was easy but I can’t seem to find the username…
I looked into every page and its source, searched FreeBSD default values, and somehow I’m missing something that should be so simple…
Hint/PM would be nice…

I need help with PRIV ESC, anyone can help me? (PM if you want)
I’ve tried a lot of things but they do not work

got user, got content of zip file, found the root service and tried to connect: auth successful but white screen D:
Have I any problem on my machine, or is it normal?

Hello guys,
I got the user flag, I cracked the zip and I think I know what to do now but I cannot do it after several hours trying.
Can someone PM for quick help please?
Thanks

@sammysep said:
Hey anyone able to PM about this box? I extracted the zip file, I know what service I’m supposed to target but I am just stuck putting it all together. Been working on this off and on for a few days and would love just a little nudge to get over this last bump

You can pm me

I need a little bit of help. I found pw.txt, I decoded it, I found the server … but I don’t know what the next step is :frowning:

Hey guys,

Poison was the first machine for me to get user and root on. It took time, but every minute was worth it. For sure it is a nice machine and I learnt a lot on the way while I was getting in. I like how the complete picture was getting more and more clear while I was getting through the steps. Thanks for this experience.

For the ones who are still fighting to get in, all the hints are right in this thread. Do not overthink. Look at what’s running on the machine and understand how they are working. And this applies to the user as well as to the root level. No bruteforce needed on the way. Look at what’s running on the machine and look at what you have. All you need is there. You just have to use it.

@bergabman yes, it’s a nice machine, but I have a problem with unzip. I tried to use bruteforce but nothing … In this forum there’s no hint about priv esc

hint for root: it was confusing at first because so many people were on it. once you find the method of privesc, make sure you understand which ports are which. Then you might see that there’s a little extra you have to do other than just connecting right away.

@T3jv1l one thing for sure. There is no need for bruteforce on this machine. Everything is provided, you just have to find it and use it in the correct way. There are many hints in the thread, but you overthink it. Like people said before me, go for it like a normal machine, not like the poison machine. Like how would you go for a black box, where you know nothing about the usernames or even the system. The other hint was to enumerate and understand the system, understand what is running and understand how those things work in different ways, like really understand the system and the services. When you understand it with all the possibilities and functions, the picture will get clear and you will know how to go further. Even a link was here in the thread before which helped me a lot to understand how to approach the privesc part. Keep up the good work! You will make it.

@bergabman I extracted the wrong zip … but I rooted, thx :slight_smile:

This is madness, people keep Spoiler Removed - Arrexel.
Like what is going on through people’s minds??

Can someone reset this? There’s a syntax error on a page I need

Ok, I have the decoded password. I’ve tried to ssh with www, poison, and a few other random usernames with no luck. Am I at least on the right track to getting in?

@XxCrashNBurnxX said:
There is a lot of great advice on here, but I’ll be honest, almost none of it helped me. It’s easy to give vague references when you already know how to pwn the box. Most of the time, I find myself going back through the comments on a box I owned just to understand some of the comments I read about beforehand.

This is actually something I fully agree with. Even picking out the good hints from the forums can be a good skill to have.

The clue that helped me the most was the one about running services. It might not be obvious (which it certainly wasn’t to me) which service looks “suspicious”, but I believe that intuition is something that would come with experience. Another clue that helped was more spoiler-ish, so I won’t include it here.

If anyone needs a nudge, feel free to PM me!

I just want to learn: how can I use an unreadable file? Please don’t say google it. Can you show me a more specific source? Or we can talk on PM.

Any tips on how to get the root password? I already have the file, but I have no idea what to do with it. Nudges would be of great help. Thanks!