Official Spectra Discussion

I got everything, the exploit worked for me, but I couldn’t get a reverse shell. I tried bash, netcat, python, perl reverse shells but I didn’t receive anything in my listener. Please help me … I don’t wanna get the shell from the RAPID7 … guide me plz or give me a small hint and I’ll be appreciative.

Rooted.

Foothold was easy. Proper enumeration is your friend.

User was a bit of a ■■■■■ because the enumeration script I was using overlooked something important and I spent a good day head scratching. But if I had used the right tool the first time this would have been so simple.

Root was a < 10 minute deal.

This box is really just good enumeration and leveraging small things to move around.

Pm for hints or to share methodology.

Rooted!
Foothold → you have something that you will ignore, look inside it very well! yes I know it sucks.

User → enumerate!

Root → Easiest part, google it, it’ll help you!

If you need help feel free to PM me :wink:

I have become root. Unfortunately, there is no root.txt in the home directory, only two hash-like named directories. Is this intended by the design of the box or has someone deleted the root.txt?

Thanks for any hint in advance :slight_smile:

@balou23 said:

I have become root. Unfortunately, there is no root.txt in the home directory, only two hash-like named directories. Is this intended by the design of the box or has someone deleted the root.txt?

Thanks for any hint in advance :slight_smile:

From what I can remember on this box, it sounds like some idiot has broken it. I’d suggest a reset and repwn.

rooted.

Fun box. Everyone else said it, but I’ll echo it: enumeration is key. Other than my initial scans, I used generic Linux commands and a tiny bit of scripting/code here and there and had the box.

foothold: I would have had this box a day earlier had I been smarter. I actually had the credentials needed, found them, grabbed them, but didn’t try them with a specific user until I was about to head to bed for the night. Felt pretty dumb about that one.

foothold 2: If you have ever messed with this application then you will know where to go and what to do. If not, Google is your friend.

user: enumeration. Look for things you wouldn’t normally see on a Linux system.

root: again a few Linux commands (ones you should probably be running the second you have a user account) and you will know the path to go down. Again, enumerate around and see what’s running or not running that isn’t normal. Do a lot of exploring, read a few things, and you can get root. And like others said, if you are unfamiliar with the command, Google is your friend.

also: please remember to remove your files and put things back when you are done. The second I had user I could have just looked at all the scripts someone left behind and had root in one second. Instead I reset the box.

Rooted, great box, thanks to the creator!

Just rooted. Feel free to DM me on Discord or on here (preferably Discord).

Rooted. Foothold was definitely easier due to the fact I completed the right Academy module recently. Slightly spoiled myself a bit for root because the first result when searching for “[suspicious thing] privesc” is a leaked writeup for this box with an unsuspicious title…

PM for hints!

Just finished the box. If needed I can help! :slight_smile:

ROOTED…!!!
My DMs are open, I’ll be happy to help.

Rooted.

Foothold: backup is useful

User: enum… manual or auto?

Root: All about timing :slight_smile:

Rooted.
The root part was confusing to me. I used the basic (everyone knows what it is) enum and found the command I could use, but when I was googling for this command, I found a way to root in just 5s with b**h -p. I tried to google the p flag but can’t understand it. Could someone DM me an explanation, please?

Wow trying to get foothold but really struggling somehow…

I found something interesting but can’t get the creds in it to work…maybe a rabbit hole? .save?

@rancilio said:

Wow trying to get foothold but really struggling somehow…

I found something interesting but can’t get the creds in it to work…maybe a rabbit hole? .save?

Not necessarily. You might just need to think about some other users.

@TazWake said:

@rancilio said:

Wow trying to get foothold but really struggling somehow…

I found something interesting but can’t get the creds in it to work…maybe a rabbit hole? .save?

Not necessarily. You might just need to think about some other users.

I’m sure I tried that before…I’m in now, thank you!

Just got root!

Foothold: This took me a lot longer than it should have. I overlooked something. Do some basic enumeration, there will be something that should stand out containing some useful info.

User: More enum, you don’t need scripts for this, look around and again you’ll find something useful. Use this with another service to get in.

Root: See what you are allowed to do and google how that works. It shouldn’t take too long.

DM if you need help.

Would anyone mind giving me a nudge on enumeration steps to get user? I have the foothold but I’ve been looking round for hours and not finding anything useful… getting to my wits’ end! Thanks in advance.

@jmehys said:

Would anyone mind giving me a nudge on enumeration steps to get user? I have the foothold but I’ve been looking round for hours and not finding anything useful… getting to my wits’ end! Thanks in advance.

It is down to enumeration. Have you looked in the folder normally used for add-on packages?

Thanks @TazWake. Cracked it a few minutes ago - onto root :slight_smile: