This last step to root is really making me scratch my head. The rest of the box before this was so interesting and cool, but this last part sucks. Does anyone have a nudge? I see the “hint file” and I understand how everything is working, but I’m missing some piece that must be hinted at in this “hint file” but I’m not picking up on it.
Any hints?
EDIT: Wow. That was kinda dumb. But I got there in the end; too much overthinking and too deep down rabbit holes.
Some small nudges:
User: Evaluate the full functionality of the web application from top to bottom. Play with requests, see if you can get it to reveal some information it shouldn’t. Then use that information to evaluate the web server much more “completely”. Lots of steps on this one, so stay tenacious and make sure you understand everything that the server is doing!
Root: Again, many steps. Follow the “breadcrumbs” that have been left for you in obvious places. Gather creds, then find other services you couldn’t access before. There may be a “map” on your machine that will give you the path to some more credentials. Then this is the tricky part: just try a bunch of different “modes” and see what sticks.
Good box up until the end… There are a couple of rabbit holes here and there. If you find the breadcrumbs, stick to them. Nothing really new that you haven’t seen before on other boxes.
EDIT: Got a shell, still no user flag… gonna try and automate the initial process because of the fragment I found on the server. Already got a new user but still puzzled; don’t wanna go through each and every rabbit hole again with the new intel…
Wow, in case there are others out there like me where the basic initial enumeration of one of the most common ports on almost all the boxes isn’t there, reset the box. Don’t be like me and spend hours and hours working on the wrong stuff. Just reset and try again. Also, if someone disabled that service once they rooted, just why? Thank you for wasting a day and a half of my life lol… you win I guess.
Hi everyone. I started this box 2 days ago and found user without hints, which felt very good.
I am now stuck on root (I found the same thing as @tacoLlama but can’t find anything on it). Any hints on root?
EDIT: found root. You just need to enumerate the correct files/folders.
Has anyone been able to tackle the 1234 issue manually? There are “forbidden” automation tools that can do it, but I am interested in how to do it manually.
So far so good. I got lost on make*******() since I don’t really know about that and don’t have that bit. I can look at the things, decode them, and seemingly should be able to make a new one.
Nevermind, rubber ducky debugging strikes again. I found the file I was missing, which was clear as day on initial enum.