My head is spinning from that privesc. Foothold is just, well, foothold 101.
May have been too much for me to absorb it all at once. I'll need to try it from scratch again. Just not this week.
To be honest, I've never, ever, dealt with R*** at that level, so I was doing my field study while at it. But I probably spent 8 to 10 straight hours searching anything that would get me the foothold. Any exploits, CVEs, patches, versions,…
I got the foothold two different ways. One being the all things thingy, as expected, and the second one from a certain tag that I have absolutely no idea why it works, but it does, straight to a reverse shell even. Using a few ifs.
Whilst the foothold and the users were a good teaching, I think the root was a bit on the CTF side of things. After many enumeration scripts returning nothing, how on Earth should that path be visible?
I was out of hairs when I tried someth…
I think the machine's user flag was the fastest I've ever got. The nmap scan lasted longer than that. It's a really nice entry level machine, it doesn't get more by-the-book than that.
The privesc gets cloudy, but when you actually read the exploit …
Rooted. Really fast machine, straight forward to the point. It was the fastest user flag I've ever got, just minutes.
I've found only one rabbit hole during privesc. I was one command away from getting root but "Access Denied" no matter w…
Rooted. Really fun box. I did most things from one tool.
There's one account that doesn't do anything, but it got some time from me thinking it had to do something.
User1: OSINT, then think like a company/bank and how their login would be. Requir…
Really fun and chill box. It doesn't matter where you are on this machine, the path is always as clear as daylight.
Foothold and User: Basic Windows and AD enumeration skills. Just read the outputs. Then go back to your enumeration once aga…
Rooted. Fun box.
I've done many boxes harder than this one, but if it has taught me anything it was to just write down what I've found and chill. Think with what you have.
This post has everything anyone needs to root the box.
Foothold: What do you…
Really fun and relaxing box. Initial foothold is the hardest part. User -> Root is really easy.
Foothold: Enumerate. You'll find something exploitable, but no exploits in the wild work. So read them, understand them. Try to exploit manua…
Really frustrating machine, but it was a great teacher to me.
User 1: What a ride. Enumerate and don't ignore anything. Scan smart not hard.
User 2: Quite simple to find if you enumerated, but not so simple to actually do it. You'll take a …
Really fun machine to kill some spare time. It was my fastest so far.
Foothold: Basic enumeration
User: What's on this machine? How does it work? Enumerate and read the documentation about it. Check a particular odd permission for a…
Initial foothold was the hardest part of this machine.
User took a while, but I tried something really basic and it worked. I was overthinking.
Whilst trying to get user I found the root privesc way, I just couldn't do it. But then it took only a c…
This thread is full of hints already, but giving my two cents:
User: Up to the first reverse shell it's really straightforward. You then start enumerating everything, you'll find your way. Read the files and learn lateral movement.
Really fun box.
I got "the" file seconds after seeing my nmap results. But I spent a whole day studying on how to deal with it. Worth it at the end.
Privesc was really nice and simpler than it looks. You just need to study q…
Owned the machine.
User was straightforward. It was fun to do it, but not much of a challenge.
Root was really tricky. It's a really small detail that I believe many and many people will overlook. The technique itself is basic.
User was really fun to get. Pretty straightforward too.
I'm stuck on Root however. I've run many enum tools but I can't find any nudge as to where to look. Maybe I'm burnt out, but could anyone send me in the right direction?
Got root on this one.
That root.txt was a dirty move. It's not hard, just dirty. I knew what I had to do a few minutes inside the shell, but I thought I was coding wrong for many long hours.
The user, on the other hand, was an amazing experience.
Can someone help me on the priv esc?
I've detected the clocky file and which script overwrites it.
I can't, however, edit it. Vi won't work over the reverse shell I've got.
User was miles easier than it, tbh.
I'm not even sure about what to do. I'm…
Any tips on the initial foothold? I've been studying both the DB found and how to "link" it somehow to the repository, still no clue at all. I've never had to deal with these. Damn, I don't even know that's the way.
Go the old fashioned way. Get your hands dirty.
It's possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.