Official TheNotebook Discussion

Got RCE but stuck on Privesc

Rooted.
Pretty easy machine in comparison to other medium boxes.
P.M. for a nudge

stuck on privesc to root, can I get a nudge please i tried everything i could think off

Just got foothold, love it!

Thanks for the fun box @mostwanted002! :slight_smile:

Nice box, I was a bit off on the beginning because my “exploit” didn’t work but after a while it started so I don’t really know why. Anyway rooted :smiley:

Thanks for the good machine mostly the root part @mostwanted002 :smiley:

Finally rooted this one. Nice box @mostwanted002!

Foothold was definitely the funniest part for me.

For user: enumerate enumerate enumerate, and beware the rabbit holes. There’s a pretty huge one I fell into and took me a lot of time, but I learned new stuff in the process, so I guess I don’t regret going down to it ¯\(ツ)

Root is maybe the easiest part: consider what you can do, maybe take a look at rate matrix for hints on what you should enumerate.

PM me for hints, but make sure to include proof that you have done your homeworks :wink:

Thank you, everyone! Your feedback means a lot. I’ll be trying to make more submissions ahead. :smiley:

Very enjoyable machine. I learned something new, thanks @mostwanted002

id
uid=0(root) gid=0(root) groups=0(root)
root@thenotebook:/#

What a journey,learned new things,overall nice box :slight_smile:

Got user ¯_(ツ)_/¯ but struggle with root part so far. ? for a nudge how to use that ock* command i could run under root rights.

Rooted nice machine thanks to machine creator

Don’t really get it hahah. Am I supposed to hit the so**** on loho via the j* co****? Cause I tried pretty much everything else :smiley: rofl I don’t get it ahha

Anyone got a nudge on root? cant seem to get the root shell to kick

Nevermind i got it

In the mean time I installed the node app that nmap reported for the highest port (probably not correct) haha it took forever cause all deps where broken but then it worked and I made a websocket connection on my box but guess what lol didn’t work on the notebook. ■■■■ going to bed probably fooled by a funny box :smiley: :smiley: great job! love it.

Hi
Can’t seem to understand the way to foothold. I used gobuster multiple times, didn’t find anything useful. Analyzed all the requests, not found anything. Searched for vulns for the nginx version, did not find anything useful. Cannot find any creds of any admin account. Not much functionalities available after signup. Now I’m definitely missing something.
Also I don’t have any idea about the rxi on port 1*0, might be the correct path. Can anyone point me to the right direction.
Thanks

root@thenotebook:/root# id
id
uid=0(root) gid=0(root) groups=0(root)

Great machine, thank you for the help and for making this one!
@mostwanted002

Spoiler Removed

Finally I got it working :wink:

root
thenotebook
uid=0(root) gid=0(root) groups=0(root)

¯_(ツ)_/¯