Official ScriptKiddie Discussion

@sparrow1
I had a few problems getting that script to fire as well. Took me like 3 tries . I never had problems with the id_rsa key, however I did lose the connection a few times.

Some idiots continue to change permission on -rw-rw-rw- 1 kid kid 49 Feb 11 23:03 Spoiler Removed

STOP to reset machine every minute please.

who create the ELF file /var/tmp/rs DM me.

This was a fun and super easy box. Was not expecting it like this. But glad I got it!

Finally rooted:kissing_smiling_eyes:
It took a little bit longer than i expected. Thanks @0xdf for the box
Thaks @sicario1337 and @clure for the hints:smile:

Rooted as last :slight_smile: Fun Box.

Definitely a different box than the others,spent way too much time for just a simple google search.Feel free to PM for a small hint :slight_smile:

I have rooted the box, but can someone tell me why the script runs automatically or what triggers the script to run automatically? Itā€™s not obvious to me which line on the script indicates running by itself. I couldnā€™t find any cronjobs eithers. Would appreciate a PM.

Iā€™m in as user1, I found the way to exploit laterally but something isnā€™t working here right. I tried method locally and everything works, but remotely itā€™s not. Can someone explain me how ********. script is triggered?

@011915 said:

Can someone explain me how ********. script is triggered?

In Linux there are lots of ways to set up a service or running task. You, as an attacker, donā€™t need to trigger it.

if someone has some hits for the foothold I am totally stuck, any help would be appreciated, thanks

I am feeling confident on the inital foothold, but have been persisting for an hour or so now without making use of it.

Is using the **f.*pk along the right lines? I believe I have the correct settings on the web page as well, but the page just gets stuck uploading endlessly.

Any nudge is appreciated.

@CrackerMan said:

Is using the **f.*pk along the right lines?

Yes

I believe I have the correct settings on the web page as well, but the page just gets stuck uploading endlessly.

It wont ever complete because you are exploiting the system not uploading a legitimate file. You should still get a shell.

I have found a way to get a shell, tomorrow I wil try to get the user

Rooted. This was a FUN box.
I was stuck for hours to get the first shell. Thank you @jiggle for the nudge.
The pivot and root parts are easier.

Type your comment> @TazWake said:

@CrackerMan said:

Is using the **f.*pk along the right lines?

Yes

I believe I have the correct settings on the web page as well, but the page just gets stuck uploading endlessly.

It wont ever complete because you are exploiting the system not uploading a legitimate file. You should still get a shell.

Soā€¦ ended up changing to my laptop, and that seemed to do the trick. My desktop wouldnt have it, I even tried all firewall and AV settings, and going with Parrot instead of Kali but it wouldnt connect.

Not a clue why but got user, and now working on Root. Thanks for letting me know I was on the right track.

Type your comment> @CrackerMan said:

Type your comment> @TazWake said:

@CrackerMan said:

Is using the **f.*pk along the right lines?

Yes

I believe I have the correct settings on the web page as well, but the page just gets stuck uploading endlessly.

It wont ever complete because you are exploiting the system not uploading a legitimate file. You should still get a shell.

Soā€¦ ended up changing to my laptop, and that seemed to do the trick. My desktop wouldnt have it, I even tried all firewall and AV settings, and going with Parrot instead of Kali but it wouldnt connect.

Not a clue why but got user, and now working on Root. Thanks for letting me know I was on the right track.

not sure , file permission maybe ?

Hi everyone, iā€™m trying to browse this machine with firefox, but i canā€™t connect to it even if i added it to the hosts file, can someone help me?

@0fox said:

Hi everyone, iā€™m trying to browse this machine with firefox, but i canā€™t connect to it even if i added it to the hosts file, can someone help me?

Ports matter.

whoami && id
stty: ā€˜standard inputā€™: Inappropriate ioctl for device
[*] exec: whoami && id

root
uid=0(root) gid=0(root) groups=0(root)