Finally rooted.
Overall this box had a lot going on, I wouldn’t call it easy at all, especially for a newbie like me. got a lot of 502’s which stopped my progress.
Foothold required your own setup
User was right there in front of me but a couple of tries made me look for a different way (while the first option was correct…)
Root was fairly easy.
hi all, i am currently stuck at foothold. i do have a couple of working cve’s but nothing i could combine or chain for a rce yet. can someone pls pm for some assistance on how or where to proceed now. thanks
After gaining foothold:
Is that non-public file, which is apparently invalid, what is used to pivot to user? Or is that a red herring? (Because if so, I am stumped on how to figure out what is wrong with it!)
Ok so I got the secret file.
Could use a little nudge here moving forward with the payload.
Thanks
I ran a Docker instance of same version G----b with much Google’ing and going through the docs since not familiar with its back-end operation. Takes time but you can re-create close enough to the same environment using that file you found. If you look at the headers there’s something unique in there that you can now forge. You’ve probably come across the bug report that got you that file, keep reading down the page. You’ll know it when you see it.
I have completed 53 machines after completing this one, and I will say this was probably the worst for being rated incorrectly. I am wondering how the decision is made to provide a rating for the machines. I would like more insight into that.
I’m not complaining about the machine itself. I actually really enjoyed it!! Great box @0xc45 !!
Hi guys, I transferred Labratory machine ownership (which I haven’t seen before) to myself. Can someone explain that to me? Like have root/Administrator never gives that option so I think it has something to do with the VM internals - is that related to the access? Apologies, n00b overhere.
Rooted. Struggled a while on the foothold after I got around all my 502 errors.
User was easy.
Root was funny because whenever i cat’d a certain file, I didn’t see what I needed to see to privesc. Idk if my terminal was messed up or something, but I was very confused because I was very confident that this was part of the privesc, but I didn’t see anything worthwhile.