This box is a good reminder to think about what you're actually trying to enumerate and select your resources accordingly instead of using the same old lists.
The exploit was an intersting one and the priv esc to root was fa…
Rooted. Decent box, got lost in a rabbit hole after initial foothold for a bit. For the initial foothold you don't even need a script, I just used Burp with a macro.
Learnt a nice easy priv esc from this one.
What a great box :mrgreen:
It took me an embarrassingly long time to find the initial cred. The path to root was a learning experience for a noob in that language.
The box had a nice priv esc to root as well!
Overall one of my favourite b…
Fun easy box,
Read the exploit you will find online for an idea on how it is exploited, then read the docs. I did manage t…
Thanks @Xh4H, nice cruisy box :mrgreen:
Personally I had some minor annoyances with user2, but the actual escalation was cool!
Root was easy once you see it. I didn't do any 'appending' to get a root shell. There isn't a need to really, you can ju…
Look at me, I'm the Administrator now :sunglasses:
This was one of my favourite boxes so far!
All the hints are here already, but I will say that it pays sometimes just to do things manually. Spent way too much time on root debugging errors …
@Xtronum I'm stuck at the same point, I've added a new user and the appropriate groups but I can't allocate DCs rights. I'm not sure if it's a bug, because I'm pretty sure my syntax is correct. I'm trying to add rights with Pow**V***.
I have the key (pretty sure it's a********v), but when I use the key to decrypt p***************.txt I get an incomplete output. It looks like a pass but the last 4 chars are munted. I'm running the script server side so there should be no issue wit…
Nice fun box :mrgreen:
I stuffed around for a couple of hours with the initial priv esc, just poor enum on my part. If you're experiencing 'internal' frustration :wink: I suggest going back to the basics of retrieving web content from the cmd line …
That was a fun box! I learned a lot gaining user, and the scripting part was great. Thanks @MrR3boot.
Hints: for user, use Burp and Wireshark to check requests and responses when scripting and make sure your request headers etc are correct. If the …
I have the k.d* file, but I'm stumped as to what to do next. I cant see a way to decrypt it with the info I have. I can't see any info that stands out from the processes either. Is there a tool or ps cmd like pspy but for windows? Also there is no l…
GPG symmetrically encrypted data (AES cipher)
I don't know how to proceed now? I've tried recovering the pass with john but no luck.
Forgot to remember the simple things. Thanks phneutro for the hint!
> Can someone help me a bit?
> I got the shell as p*****r via s*****r but no wan't echo any output.
> If i type ls, it just shows ls but not the folders.
> But I still can use cd, i just have no output for the commands.
I'm in the P** shell through the backdoor and have dumped the info needed. I can check if files are writable, read files (within limits) and edit writable files and I've found an interesting i*i file for later.
Would appreciate a nudge with the …