Official TheNotebook Discussion

Don’t really get it hahah. Am I supposed to hit the so**** on loho via the j* co****? Cause I tried pretty much everything else :smiley: rofl I don’t get it ahha

Anyone got a nudge on root? cant seem to get the root shell to kick

Nevermind i got it

In the mean time I installed the node app that nmap reported for the highest port (probably not correct) haha it took forever cause all deps where broken but then it worked and I made a websocket connection on my box but guess what lol didn’t work on the notebook. ■■■■ going to bed probably fooled by a funny box :smiley: :smiley: great job! love it.

Hi
Can’t seem to understand the way to foothold. I used gobuster multiple times, didn’t find anything useful. Analyzed all the requests, not found anything. Searched for vulns for the nginx version, did not find anything useful. Cannot find any creds of any admin account. Not much functionalities available after signup. Now I’m definitely missing something.
Also I don’t have any idea about the rxi on port 1*0, might be the correct path. Can anyone point me to the right direction.
Thanks

root@thenotebook:/root# id
id
uid=0(root) gid=0(root) groups=0(root)

Great machine, thank you for the help and for making this one!
@mostwanted002

Spoiler Removed

Finally I got it working :wink:

root
thenotebook
uid=0(root) gid=0(root) groups=0(root)

¯_(ツ)_/¯

Finally rooted it… great box @mostwanted002

Hi all, can anyone offer me a hint. for thee foothold? Proper stuck here.

Thx @mostwanted002 :wink: Rooted!
Pretty straight forward but a very nice box, learnt some stuff ^^
Don’t hesite to PM if stucked :wink:

Rooted great box @mostwanted002 really learned a lot …
PM me if anyone need any help !!

Hi, can anyone give me a hint on foothold, is it through SS** or am i barking up the wrong tree ?
Thanks

Hello, some friendly person. So I’m already root but my exploit to escape from d … er doesn’t work for me. Actually, it works for me but when it connects to netcat I don’t have command execution. Please if you can write to the dm

Thank you, guys! I hope you enjoyed the journey :smiley:

Type your comment> @Sharker3312 said:

Hello, some friendly person. So I’m already root but my exploit to escape from d … er doesn’t work for me. Actually, it works for me but when it connects to netcat I don’t have command execution. Please if you can write to the dm

HMU in the DMs.

rooted. thanks @mostwanted002 for the fun box. some good hints above already so i won’t add to them.

PM if you need a nudge.

got root… thanks @mostwanted002 for the box

Thanks to the guy who reset the box, then stopped it, then reset the docker container after I wrote my exploit, then probably ran out of ideas. Meet me irl, we need to talk.

Great box! I learned a lot of things and made sure to take notes for next time. It’s important to build a repo of notes and commands that you use and experience when making your way through a machine.

Foothold

Something I have never had to do before, but have seen ippsec do a lot of times. Took a second to find it, but when I did, there was a lot of resources out there to review and figure it out. Mess around with the app, what does it do? Does any one know where the cookie jar is?

User

You can use linpeas or Linenum, but I prefer manual enumeration. Snoop around the file structure and you will find an interesting file. I know making these is a very good idea and I often times find juicy stuff like this so this is the first thing I tried and it paid off :slight_smile:

Root

This took me longer than it should have. I knew what I could do, I knew what was running, and I knew what privs I had on the thing I could access, but I didn’t piece things together. I deal with CVEs everyday in my day job, but didn’t know about a particular CVE for what was running on the box. Once I got the exploit dialed in, I got a root shell.

Overall, this box was great to work with and was great to add stuff to my notes for use latter. Thank you, @mostwanted002 for the great box!

I am always open to assisting over PM, but please, PLEASE, make sure to tell me what you’ve done so far, what isn’t working and so on before asking for hints. Point blank asking for help without providing things you’ve already tried doesn’t help either of us.

Can someone please help with foothold? Please pm.