Official Ready Discussion

Rooted, thanks to the valuable tips on this post.

My biggest struggle was to obtain a stable shell that allowed me to switch user
(script -c “/bin/bash -i” /dev/null worked out)

Hello, it is my first box and I am struggling a lot to find a way to have a shell. I found on Google how to exploit it. I found 2 differents scripts which are working. Nothing happen on my nc console when the script succeed ! I dont know what is wrong !!! Does somebody already have this ? If someone can help me PM me please. Thanks and a happy new year to everybody !!!

Type your comment> @busshi said:

Hello, it is my first box and I am struggling a lot to find a way to have a shell. I found on Google how to exploit it. I found 2 differents scripts which are working. Nothing happen on my nc console when the script succeed ! I dont know what is wrong !!! Does somebody already have this ? If someone can help me PM me please. Thanks and a happy new year to everybody !!!

Hi, I found 3 scripts but none of them worked without some modifications (including bugs). Have you checked the payload to get the shell is correctly delivered? if you need more concrete help just dm me.

Pwned machine! yeah!

hint:
root: grepping hard
web: check google for vulnerability.

Very interesting box. Definitely new concepts that we don’t often see in the CTFs. FULL of rabbit holes.

One issue; Found the user password but when I tried it at first it didn’t work so spent a couple unnecessary hours digging deeper… *bangs head… anyway, came back to things with a reset box and the password worked. Someone must have changed it for some reason that breaks my heart. haha.

Foothold -check
user- check
rooted- check

As has been said, Hacktricks will help with true root. Getting user may take longer than actual root if you don’t search properly. It’s not a place that is often seen here so think outside the box. and look at everything. rabbit holes for days…

Type your comment> @ThymineDNA said:

Rooted, thanks to the valuable tips on this post.

My biggest struggle was to obtain a stable shell that allowed me to switch user
(script -c “/bin/bash -i” /dev/null worked out)

python3 -c ‘import pty; pty.spawn(“/bin/sh”)’ ??

Rooted! Great box i learned so much.
Special thanks for opening my eyes. You think that’s air your breathing.
@professormoody
@ThymineDNA

@likelytarget had the best foot to root hints

Hello, i found an exploit. everything is working. rs is connecting, but that’s the only thing it does. Can someone help me?

connect to [1***8] from (UNKNOWN) [10.10.10.220] 30

EDIT: Okay, I found the problem. I am only connecting to nc. Never trust a pre-made script…

YEAH GOT USER!
Lesson learned, do not ask for help to early…

What an amazing box learned something new in this box.

Hint is already present in the forum . My little hints:

User : Find something about the service running and google is your best friend.
Linpeas will reveal some guicy info and leads to higer .

Priv ESC: Linpeas output will help to understand the box more and after google you will get answers to get shell.

If this seems to spoil anything please free too delete this …

Need any help PM me with what you have done.

Hello guys i am user in this machine after exploiting the CVE but now i am stuck at enumeration from 1 days i have found 8 clear password !!!
But but apparently not the right one ! PM for user if you need help :slight_smile:
And can you PM for a litle help for root ty guys :wink:

Type your comment> @MONKMODE said:

Hello guys i am user in this machine after exploiting the CVE but now i am stuck at enumeration from 1 days i have found 8 clear password !!!
But but apparently not the right one ! PM for user if you need help :slight_smile:
And can you PM for a litle help for root ty guys :wink:

PM ME

Finally got root thanks to all of you !!! Feel free to ask if you need help…

I have on my way to root. I am trying to escape the d***** Can anyone give me a nudge?

Type your comment> @professormoody said:

Type your comment> @ThymineDNA said:

Rooted, thanks to the valuable tips on this post.

My biggest struggle was to obtain a stable shell that allowed me to switch user
(script -c “/bin/bash -i” /dev/null worked out)

python3 -c ‘import pty; pty.spawn(“/bin/sh”)’ ??

Already tried, didn’t work at all. I think it has to do with the new Kali console, it looks a little bit weird to me

@ThymineDNA said:

Already tried, didn’t work at all. I think it has to do with the new Kali console, it looks a little bit weird to me

When you say it didn’t work - what happened?

Guys, with a credentials that I found by enumeration i could got r***. I saw some guys saying about d**** escape. Can you tell me more about this techniques in DM? I would like to learn about.

I am hitting a road block elevating the privs in the d***** c********. I have tried several different ways but keep falling up short. I think that I have all the information i need to login as r***. Any nudges in the right direction?

have the r***_p*** but still cant get root by it!
also found ssh_keys…in a file…even that didnt work!
where should i head?

@shadyslice said:
I am hitting a road block elevating the privs in the d***** c********. I have tried several different ways but keep falling up short. I think that I have all the information i need to login as r***. Any nudges in the right direction?

same with me brother

is someone doing ddos Ready box ? I found it keep being outage and came back