Poison

@T3jv1l one thing is for sure: there is no need for bruteforce on this machine. Everything is provided, you just have to find it and use it in the correct way. There are many hints in the thread, but you overthink it. Like people said before me, go for it like a normal machine, not like the poison machine. Like how would you go for a black box, where you know nothing about the usernames or even the system. The other hint was to enumerate and understand the system, understand what is running and understand how those things work in different ways, like really understand the system and the services. When you understand it with all the possibilities and functions, the picture will get clear and you will know how to go further. Even a link was here in the thread before which helped me a lot to understand how to approach the privesc part. Keep up the good work! You will make it.

@bergabman I extracted the wrong zip … but I rooted, thx :)

This is madness, people keep Spoiler Removed - Arrexel.
Like what is going on through people's minds??

Can someone reset this? There’s a syntax error on a page I need

Ok, I have the decoded password. I’ve tried to ssh with www, poison, and a few other random usernames with no luck. Am I at least on the right track to getting in?

@XxCrashNBurnxX said:
There is a lot of great advice on here, but I’ll be honest, almost none of it helped me. It’s easy to give vague references when you already know how to pwn the box. Most of the time, I find myself going back through the comments on a box I owned just to understand some of the comments I read about beforehand.

This is actually something I fully agree with. Even picking out the good hints from the forums can be a good skill to have.

The clue that helped me the most was the one about running services. It might not be obvious (which it certainly wasn’t to me) which service looks “suspicious”, but I believe that intuition is something that would come with experience. Another clue that helped was more spoiler-ish, so I won’t include it here.

If anyone needs a nudge, feel free to PM me!

I just want to learn: how can I use an unreadable file? Please don’t say google it. Can you show me a more specific source? Or we can talk on PM.

Any tips on how to get the root password? I already have the file, but I have no idea what to do with it. Nudges would be of great help. Thanks!

I got the service connection but I couldn’t exploit it. What should my next goal be?

I agree with all who said something like: Think about how a real user would use this service - think like a sysadmin who wants to work most efficiently.

I found the service quickly and knew what the file was, but I was stuck on how to exploit it for a while - I missed one elegant feature / option of the client you have to use … hard to say more without spoiling. Read the official documentation carefully, search for how-to articles and the like for the required type of connection. If you don’t know what to do with the file then reading the man pages will also help.

Can someone DM me? I’m doing something dumb and can’t open a reverse shell

@kekra Is that what you said have relation …up file?

@ghroot Not totally sure what you mean … I referred to using that file as an input to exploit that service to become root. Anything you need is in the official documentation of the tools.

@kekra Can I PM you?

@ghroot Yes!

Getting a rev shell on this is killing me… I keep getting a hit back but it closes immediately. I made the “…shhhhhhhh” sick by feeding it REV poison and I can get RCE this way but the shell hits and then exits. What’s the deal?

Finally got a shell… had to set up my server the same way and toy with it.

I extracted the zip file; what should I do with the secret file?

Worth the pain… user was as easy as pie.

Root requires enumeration and a bit of learning how things can be bypassed to reach that particular loophole.

@dodoa4 said:
I extracted the zip file; what should I do with the secret file?

Keep it aside for a while and enumerate the box. Take a look at running processes, that was a great help for me…