Official Time Discussion

Hey guys, need help.
I generated the payload but seems to have some erros, can someone please PM me?

Owned user, but i think i can do it another way, ill try later.

Rooted! The way to root was very fun.

PM me if you need some nudge.

Lol, root flag was super easy
This should be rated as “easy”

@kurogai said:

Lol, root flag was super easy
This should be rated as “easy”

Privesc is easy… if you know how… The initial foothold certainly isn’t in the easy category.

I agree that if you know the technology in question this isn’t the hardest medium box, but then they aren’t supposed to be.

rooted!! Foothold took me a few hours to figure out. Took a break and revisited it with a fresh mind and had a shell within minutes. Let me know if you’re stuck!

Can any help me? i’m stuck. ty

@k01n said:

Can any help me? i’m stuck. ty

What are you stuck at?

rooted!!

for me the the easiest part in this box is getting in to the root. i was stuck in foothold but after some research i got a shell.

feel free to message me for hints

Got user. Shout out to @1z3n!

can anyone help me with the root ?

Hello, can somebody help me with an error message that i get for my reverse shell?

“bash: cannot set terminal process group (-1): Inappropriate ioctl for device” 400 -

Never mind; i fooked up :slight_smile:
servering on same port as my reverse shell :slight_smile:

Got user and root. Need correct CVE for User and presence of mind for root :D. This was my first Active box :slight_smile:

I rooted this one last night. The user boggled my mind a bit due to lack of experience but the root was easy. If anyone needs help feel free to PM me.

Hi. I found the CVE. After some tweeking (thx to @TazWake) i verified that the exploit is working by pinging myself. But i dont’t get a shell working. Tried AllTheThings but no success. Is a reverse shell not the rigth approach?

Rooted !

user: cve? dont forget to remove un necessary slashes
root: sh sh sh sh sh sh

perhaps I’ve been going at this approach so tirelessly I am simply spinning my wheels;

I seem to get a correct reply to my validation request but I don’t see a shell.

when I ask for the file I created (after some syntax tweaking) I finally avoided exception error…only to see no file acted upon on my machine. I always forget if my simple server needs a port assignment when I need to listen via n* and using the same port for request, file hosting and n* tend to throw me off.

any nudges are welcome. this one is NOT fun, at least this part.

Can anyone help ?, the script to get root, is giving permission denied, both to get ssh and the root file.

Respect to @Dec1pher for the foothold nudge. Path to root pretty simple imo but still learnt lots today. Nice box!

Rooted. Thanks to @egotisticalSW and @felamos for this box! It’s my first time exploiting something in that language, so I’m glad I learnt something new.


User

Really the best thing you can do is Google the ■■■■ out of that service and play around with your findings. You’ll eventually find an exploit that works.

Root

Actually easier than user imo. Just your normal privesc techniques.


Feel free to PM for nudges or to discuss this box :slight_smile: