Got user, tonight I’ll try to root the box.
I was doing everything correctly but made a little dumb mistake that blocked me for like 12 hours.
P.S. I’m using the lab VPN and not release arena because I can’t spawn the machine there (IP 10.10.10.237).
Edit: rooted!
Foothold/user: start with classical enumeration and focus on ‘less common’ ways, you’ll find useful information that will let you understand what the target offers. With some Google-fu you’ll eventually find the right article that will show you how to get into the box.
Root: enumerate with classical tools, beware of rabbit holes!
I have what is needed, I think, and I can get the exploit to work locally; I just can’t figure out how to get the files packed back together so that the user runs it on the remote machine.
Edit: I figured it out finally with a bit of help from @SovietBeast. The machine is incredibly vague about what it needs and my syntax was off, so it took me a long time of playing with the payload before it finally worked.
Rooted with big help from @SovietBeast !!!
The foothold part was medium level, the root part was not what I expected. I expected it to be more “windows” oriented …
I also seem to be unable to make a proper “.y**” file for the update - or doing something else wrong. Have tried putting my load together with it but also having it remotely grabbed. Any hints welcome.
//Never mind, apparently flipping random stuff fixes things.
Rooted. Other than some inconsistencies (possibly due to another user on the machine) I don’t understand the low rating. Cool box. PM for hints.
For the foothold, I have tried so many variations for the .y* file but my POC payload doesn’t trigger. Tried uploading with the binary also and renaming the binary etc but nothing. Uploading the binary also out so I am guessing it just needs the special file and everything else is running on the host. A nudge would be gratefully received - have spent far too many hours staring at a certain article!
So, one thing to check that caused me to stumble around for a while is the format of the .y** file… if you are editing in something like gedit, MAKE SURE you’re not allowing the lines to word wrap. I am fairly certain that the file is read with expectations of parameters to be on specific lines. Hope this helps!
@JackzWild - thanks for the tips re the y** file. I excluded some stuff and now mine works. Real process of trial and error. Appreciate the help! For anyone who has found what they think is the right article, try to get a POC where you can confirm the target is doing something that you want. @nekothedj - thanks also - I think you are right as mine worked when I excluded some additional stuff. The file has only a few lines now. Word wrap wasn’t an issue for me but I think additional info in the earlier lines seemed to be causing a problem.