I am struggling on breaking out to get the Root flag, Can anyone assist. I have a few POCs and articles but no luck yet
I just did it… someone mentioned it earlier, but the hacktricks article really helped - although the concept is also mentioned in other articles as well.
Hey there, looks like some of you are having trouble running the “exploit script” to get the initial shell… For those struggling, there is a youtube video on how to exploit it that I have uploaded earlier… Google and fix the dependencies to get the script working. Refer to the GitHub Page for dependencies information. Cheers. Happy Hacking.
I am struggling on breaking out to get the Root flag, Can anyone assist. I have a few POCs and articles but no luck yet
There’s hard way(s) and there’s an easy way. The easy way wasn’t so high in search results but not too difficult to spot of you look closely. There’s already a hint about it in this thread.
@agnorance
i all ready have root, but the flag is not where it is, i had a look through some other folders i could be in but it anit there. And your right it was a bit odd that the password was labeled as such
@agnorance
i all ready have root, but the flag is not where it is, i had a look through some other folders i could be in but it anit there. And your right it was a bit odd that the password was labeled as such
@agnorance
i all ready have root, but the flag is not where it is, i had a look through some other folders i could be in but it anit there. And your right it was a bit odd that the password was labeled as such
@agnorance
i all ready have root, but the flag is not where it is, i had a look through some other folders i could be in but it anit there. And your right it was a bit odd that the password was labeled as such
nice box for beginners looking to try out a medium box. Very similar to laboratory if you’ve already done it, except much less complicated. My one tip, you don’t exactly need to escape. The box owner left a big door open. PM if you need nudges
user: a lot of the messages in this thread are about some python script that is not working… the hint: there are other scripts out there for this vulnerability that may work
root: unfortunately spent lot of time grepping… after root user obtained you just need to see a “bigger picture” to get the hash not sure what is escaping issue others talking about…
User: Google is your friend and remember older snakes are more easygoing than younger… getting the flag is easy job then
Root: use what you can find in the configs wherever you can
Sometimes the jail looks scary but you can realize that the door is not locked, don’t overcomplicate it just walk out
User: Google is your friend and remember older snakes are more easygoing than younger… getting the flag is easy job then
Root: use what you can find in the configs wherever you can
Sometimes the jail looks scary but you can realize that the door is not locked, don’t overcomplicate it just walk out
User: Google is your friend and remember older snakes are more easygoing than younger… getting the flag is easy job then
Root: use what you can find in the configs wherever you can
Sometimes the jail looks scary but you can realize that the door is not locked, don’t overcomplicate it just walk out
I have the files from the uncommon location at /.
Can someone give me a hint on how to proceed, I have encrypted as well as clear text passwords? The escape part won’t be a problem since it’s already well documented on the internet.
edit : I got root user , now on to the escape part
Foothold part was a bit hard. Had to use different exploits several times and then adjust the script for my python env (protip: adapt exploit to your needs). Priv esc was fun too. It will take some time, but it is rewarding.
Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…
Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.