Official Ready Discussion

Type your comment> @TazWake said:

@k01n said:

any help with root please?

Enumerate, find loot, privesc, escape, get root on box.

Rooted! :slight_smile:

Is something going on with this box? I’m getting a HTTP 502 error where, login was loading fine earlier. Back up.

anyone can PM me i cann’t get the reverse shell.

Easy and fun box, here are my hints

Foothold

Versions are important, you should do nothing more than run a cmd to get the initial shell

Co******r Root

There is a fantastic hint that I should have listen before spending a lot of time in enumeration… page5, @blacViking (thanks man !)

Actual Root

What can you do and what is your goal ? Google it and you’ll be free.

If you need help, feel free to PM

Rooted, thanks to @Shubhamz007 and @DarkRider88

Rooted. Fun box.

Rooted, pretty fun and easy box.

PM me if needed :slight_smile:

I keep getting a connection to my nc listener, but I can’t run anything after the initial connection. anyone have advice/solution?

I’m don’t receiving connections on my nc listener. I’m normal exploit from edb, any suggestions? I’ve read that i need to do some tunning but i don’t know where (i’ve tried using another reverse shell). Any minimum help would be appreciated

I’m don’t receiving connections on my nc listener. I’m normal exploit from edb, any suggestions?> @BoWyatt said:

I’m don’t receiving connections on my nc listener. I’m normal exploit from edb, any suggestions? I’ve read that i need to do some tunning but i don’t know where (i’ve tried using another reverse shell). Any minimum help would be appreciated

I got a shell with another script but i want to understand the most popular ones. Still figuring out why im not receiving with the other script.

I’m stuck on how to get du** user. Enumeration and linpeas did’nt get me useful things, any hint ?

@UVision said:

I’m stuck on how to get du** user.

Double check you need to get this user account.

Enumeration and linpeas did’nt get me useful things, any hint ?

Yes, enumerate more. To steal a phrase from PWK/OSCP, it really is a “try harder” here.

Your enumeration needs to look at an unusual folder which might hold things people use to store stuff.

@TazWake I have for now listed the directories accessible for writing without having seen an interesting info, I guess I must have missed it.

@UVision said:

@TazWake I have for now listed the directories accessible for writing without having seen an interesting info, I guess I must have missed it.

just to check, did you also include ones you could read rather than just write access?

@TazWake Indeed not, is there a good command for that ? All commands founded on the web doesn’t work for me.

Resolved : the only “uncommon” folder in my case is the assets folder situated in /, but I don’t think it is the right way.

@UVision said:

@TazWake Indeed not, is there a good command for that ? All commands founded on the web doesn’t work for me.

Well, there is but it would be insanely noisy as you can look at most files on the OS. Simply searching for readable files is easy but I don’t know how you would narrow down the output. You could try something like:
find / -type f -perm -a+w 2>/dev/null
but it might need some tweaking.

Manual enumeration is more effective.

If you look in / there is a folder for things people can decide if they want or don’t want to install. In there is a folder which is probably not present on your own Linux system. It is worth looking in there.

@TazWake Thanks for these nudges, I founded an ssh private key, I hope that is the right way to get user…:smiley:

@UVision said:

@TazWake Thanks for these nudges, I founded an ssh private key, I hope that is the right way to get user…:smiley:

Well, it is interesting and it certainly wasn’t something I found.

Bear in mind.

  • you have a user account.
  • if you find something that doesn’t seem to work, try it somewhere else.
  • you have a couple off hoops to jump through to get from where you are to the root flag.

Cast your mind back to my first response. What user are you trying to get and do you really need it ?

@TazWake so bad that I’m not in the good way. From you response, I’m a bit confused : is the “****” user is necessary to get root ? Or as I already own the user flag, it is not ?