Official Ready Discussion

Type your comment> @Raskul82 said:

I am struggling on breaking out to get the Root flag, Can anyone assist. I have a few POCs and articles but no luck yet

I just did it… someone mentioned it earlier, but the hacktricks article really helped - although the concept is also mentioned in other articles as well.

If you don’t get any further PM me.

FINALLY ROOTED!!! YAY!!! Thank you to all who helped me especially @Harbard @ShayNay @agnorance adn @in3vitab13

Hey there, looks like some of you are having trouble running the “exploit script” to get the initial shell… For those struggling, there is a youtube video on how to exploit it that I have uploaded earlier… Google and fix the dependencies to get the script working. Refer to the GitHub Page for dependencies information. Cheers. Happy Hacking.

Type your comment> @Raskul82 said:

I am struggling on breaking out to get the Root flag, Can anyone assist. I have a few POCs and articles but no luck yet

There’s hard way(s) and there’s an easy way. The easy way wasn’t so high in search results but not too difficult to spot of you look closely. There’s already a hint about it in this thread.

@agnorance
i all ready have root, but the flag is not where it is, i had a look through some other folders i could be in but it anit there. And your right it was a bit odd that the password was labeled as such

Type your comment> @AFriend said:

@agnorance
i all ready have root, but the flag is not where it is, i had a look through some other folders i could be in but it anit there. And your right it was a bit odd that the password was labeled as such

You need to break out to get to the root flag

Type your comment> @Raskul82 said:

Type your comment> @AFriend said:

@agnorance
i all ready have root, but the flag is not where it is, i had a look through some other folders i could be in but it anit there. And your right it was a bit odd that the password was labeled as such

You need to break out to get to the root flag

do u have a hint cause i am stuck

Type your comment> @AFriend said:

Type your comment> @Raskul82 said:

Type your comment> @AFriend said:

@agnorance
i all ready have root, but the flag is not where it is, i had a look through some other folders i could be in but it anit there. And your right it was a bit odd that the password was labeled as such

You need to break out to get to the root flag

do u have a hint cause i am stuck

Could there be a machine inside a machine?

nice box for beginners looking to try out a medium box. Very similar to laboratory if you’ve already done it, except much less complicated. My one tip, you don’t exactly need to escape. The box owner left a big door open. PM if you need nudges

Got user and root…

user: a lot of the messages in this thread are about some python script that is not working… the hint: there are other scripts out there for this vulnerability that may work

root: unfortunately spent lot of time grepping… after root user obtained you just need to see a “bigger picture” to get the hash :wink: not sure what is escaping issue others talking about…

Done, I learnt a lot / Thank you

User: Google is your friend and remember older snakes are more easygoing than younger… getting the flag is easy job then

Root: use what you can find in the configs wherever you can
Sometimes the jail looks scary but you can realize that the door is not locked, don’t overcomplicate it just walk out

Type your comment> @aksika said:

Done, I learnt a lot / Thank you

User: Google is your friend and remember older snakes are more easygoing than younger… getting the flag is easy job then

Root: use what you can find in the configs wherever you can
Sometimes the jail looks scary but you can realize that the door is not locked, don’t overcomplicate it just walk out

Bro now your making me wonder how you passed it.

Type your comment> @Raskul82 said:

Type your comment> @aksika said:

Done, I learnt a lot / Thank you

User: Google is your friend and remember older snakes are more easygoing than younger… getting the flag is easy job then

Root: use what you can find in the configs wherever you can
Sometimes the jail looks scary but you can realize that the door is not locked, don’t overcomplicate it just walk out

Bro now your making me wonder how you passed it.

Passed it as in bro ? Where ur stuck at

finally found root.txt. Special thank you to @TazWake!

Spoiler Removed

Got the root flag! :slight_smile:

Special thanks to @agnorance and @v3ss0n4

I have the files from the uncommon location at /.
Can someone give me a hint on how to proceed, I have encrypted as well as clear text passwords? The escape part won’t be a problem since it’s already well documented on the internet.

edit : I got root user , now on to the escape part

Really liked this box!

Foothold part was a bit hard. Had to use different exploits several times and then adjust the script for my python env (protip: adapt exploit to your needs). Priv esc was fun too. It will take some time, but it is rewarding.

Type your comment> @Shad0wQu35t said:

Type your comment> @Raskul82 said:

(Quote)
Passed it as in bro ? Where ur stuck at

No man I completed the box.

Type your comment> @TazWake said:

Struggling on the initial shell which seems odd as I was 99.999% confident I had the right path. I just get stuck on import in progress. I assume this is the “unintended path” which got patched, so back to google…

Do we know if this path has been patched? I am having the same issue and keep getting “Import in progress” forever. Tried it through Burp as well with no luck.