Anyone got a nudge on root? cant seem to get the root shell to kick
Nevermind i got it
Anyone got a nudge on root? cant seem to get the root shell to kick
Nevermind i got it
In the mean time I installed the node app that nmap reported for the highest port (probably not correct) haha it took forever cause all deps where broken but then it worked and I made a websocket connection on my box but guess what lol didnât work on the notebook. â â â â going to bed probably fooled by a funny box great job! love it.
Hi
Canât seem to understand the way to foothold. I used gobuster multiple times, didnât find anything useful. Analyzed all the requests, not found anything. Searched for vulns for the nginx version, did not find anything useful. Cannot find any creds of any admin account. Not much functionalities available after signup. Now Iâm definitely missing something.
Also I donât have any idea about the rxi on port 1*0, might be the correct path. Can anyone point me to the right direction.
Thanks
root@thenotebook:/root# id
id
uid=0(root) gid=0(root) groups=0(root)
Great machine, thank you for the help and for making this one!
@mostwanted002
Spoiler Removed
Finally I got it working
root
thenotebook
uid=0(root) gid=0(root) groups=0(root)
ÂŻ_(ă)_/ÂŻ
Hi all, can anyone offer me a hint. for thee foothold? Proper stuck here.
Thx @mostwanted002 Rooted!
Pretty straight forward but a very nice box, learnt some stuff ^^
Donât hesite to PM if stucked
Hi, can anyone give me a hint on foothold, is it through SS** or am i barking up the wrong tree ?
Thanks
Hello, some friendly person. So Iâm already root but my exploit to escape from d ⌠er doesnât work for me. Actually, it works for me but when it connects to netcat I donât have command execution. Please if you can write to the dm
Thank you, guys! I hope you enjoyed the journey
Type your comment> @Sharker3312 said:
Hello, some friendly person. So Iâm already root but my exploit to escape from d ⌠er doesnât work for me. Actually, it works for me but when it connects to netcat I donât have command execution. Please if you can write to the dm
HMU in the DMs.
rooted. thanks @mostwanted002 for the fun box. some good hints above already so i wonât add to them.
PM if you need a nudge.
Thanks to the guy who reset the box, then stopped it, then reset the docker container after I wrote my exploit, then probably ran out of ideas. Meet me irl, we need to talk.
Great box! I learned a lot of things and made sure to take notes for next time. Itâs important to build a repo of notes and commands that you use and experience when making your way through a machine.
Something I have never had to do before, but have seen ippsec do a lot of times. Took a second to find it, but when I did, there was a lot of resources out there to review and figure it out. Mess around with the app, what does it do? Does any one know where the cookie jar is?
You can use linpeas or Linenum, but I prefer manual enumeration. Snoop around the file structure and you will find an interesting file. I know making these is a very good idea and I often times find juicy stuff like this so this is the first thing I tried and it paid off
This took me longer than it should have. I knew what I could do, I knew what was running, and I knew what privs I had on the thing I could access, but I didnât piece things together. I deal with CVEs everyday in my day job, but didnât know about a particular CVE for what was running on the box. Once I got the exploit dialed in, I got a root shell.
Overall, this box was great to work with and was great to add stuff to my notes for use latter. Thank you, @mostwanted002 for the great box!
I am always open to assisting over PM, but please, PLEASE, make sure to tell me what youâve done so far, what isnât working and so on before asking for hints. Point blank asking for help without providing things youâve already tried doesnât help either of us.
Can someone please help with foothold? Please pm.
@mostwanted002 Fantastic box â initial access is very different than what Iâm used to, but it definitely made me think outside the box a bit. Privesc was very similar in terms of difficulty, but once the pieces clicked into place it all made sense! Great job my friend!