Hint for Sunday

can’t get the initial foothold for ROOT!! can anyone help?? PM

Rooted! PM if you need

took me 30 mins for the crack - on a low spec vm, UN1X00 - your words were most helpfull, now onto root!

Umm I rooted in a weird way. DM if you rooted and wanna talk about discuss the machine or if you want help.

Got it… nice box… hashcat took only a couple of seconds on my MacBookPro

@gorias said:
took me 30 mins for the crack - on a low spec vm, UN1X00 - your words were most helpfull, now onto root!

No problem.

Yeah im hating this one. Running john with the correct format and pumping a variety of wordlists and rules at it has gotten me nowhere.

Finally rooted. Best advice I could give for this one is enumerate. Also learned a neat trick on this one. Happy I did it.

Can someone PM me regarding the hash, not sure if my syntax/command is wrong or if the hash has been altered before i got there?

Can anyone PM for a slight nudge for the final root priv esc?

JK - rooted

If you’re struggling going from user to root, you may want to start over with your enumeration. It’s aggressively simple. I know that sucks to hear if you’re struggling, but once you see it, you’ll have root in less than a minute. My hint is to ask “what can this user do”? Also when you do see it, you do not need to mess things up to get the flag so be considerate as, according to this forum, many people are trying to to modify sensitive files when it’s not necessary.

Rooted. There’s ALOT of options once you get the main “user” account. if you mess with any key system files please reset the box when you’re done …

@3lpsy said:
If you’re struggling going from user to root, you may want to start over with your enumeration. It’s aggressively simple. I know that sucks to hear if you’re struggling, but once you see it, you’ll have root in less than a minute. My hint is to ask “what can this user do”? Also when you do see it, you do not need to mess things up to get the flag so be considerate as, according to this forum, many people are trying to to modify sensitive files when it’s not necessary.

This. just got root without modifying or exploiting anything.

Any help with the initial foothold?

I have:

  • Found all open ports/services running
  • Enumerated users via the lowest port service
  • Tried running every default password (in Hydra) I can think of against all found users on the service that’s port has been changed for security.

No dice. Am I overlooking a common password? Would greatly appreciate a PM if anyone can point me in the right direction.

ROOTED! hahaha, laughed my ■■■ of when i found out how to “priv esc”. No exploit, no cracking nothing needed. Just Basic linux commands and wireshark…

@xnumber7 said:
Any help with the initial foothold?

I have:

  • Found all open ports/services running
  • Enumerated users via the lowest port service
  • Tried running every default password (in Hydra) I can think of against all found users on the service that’s port has been changed for security.

No dice. Am I overlooking a common password? Would greatly appreciate a PM if anyone can point me in the right direction.

yes the password is stupidly easy. like, its right in your face easy. this is for the first user which you will then use to find a way to get access to the second user. the method for the second user is much less in your face.

Just rooted this. Feel free to PM me if you need a nudge. :slight_smile:

I managed to get the root flag, but I don’t know how to get a root shell, which make me think that maybe I didn’t get it the right way. Can someone PM to see if I got it the right way?

Finally got root flag, will have to thank @macw141 and @UN1X00. sorry for irritating you guys, but hints got me through.