Hint for Waldo

LordRNA · October 7, 2018, 1:54pm

@johnybaba said:
Can anyone help me out with waldo machine? Please PM me for the hints for gain normal user access. Thanks.

Check how list works.

johnybaba · October 8, 2018, 1:51pm

@LordRNA said:

@johnybaba said:
Can anyone help me out with waldo machine? Please PM me for the hints for gain normal user access. Thanks.

Check how list works.

While adding a new list, we can add some data. But whatever I am storing, in burp response it shows there but in the browser it shows nothing.

bluecipher · October 8, 2018, 2:40pm

Holy cow. Finally got the user and root flag. Shoutout to @ZaphodBB for the hints that got me through the small hurdle. As a Linux user for years, there’s always something new to learn as this box revealed. What a ride!

drUIdmoz · October 10, 2018, 1:19am

@r0pSteev said:
hava a look at this website How to Bypassing Filter to Traversal Attacks ? | Hacking & Tricks

great post here.

ashishjv1 · October 11, 2018, 11:10am

Could anyone PM me for root ? I’m currently logged in as m*****r . Found interesting files in ap*-**v directory. Cannot figure out a way to root.

HPringles · October 11, 2018, 12:58pm

Hi, I got user. But I can’t work out how to escape the rterm, logged in as n****y

HPringles · October 11, 2018, 2:56pm

Okay, I got out of that restriction, and into another, and out of that, but now I’m reaaaaaly stuck

s1k · October 13, 2018, 1:57pm

this should come in handy for anyone needing to remove newline and escape characters in a file they might hypothetically find somewhere:

cat dirty_file | sed 's/\\n/\n/g' | sed 's/\\//g' > clean_file

drUIdmoz · October 13, 2018, 7:01pm

@s1k said:
this should come in handy for anyone needing to remove newline and escape characters in a file they might hypothetically find somewhere:
cat dirty_file | sed 's/\\n/\n/g' | sed 's/\\//g' > clean_file

nice little action there, had to do it manually.

drUIdmoz · October 14, 2018, 2:54am

oh ■■■■!

I keep getting this when trying to use the file that has extra hacker capabilities…

*pts/0��[� pts/0ts/0monitor127.0.0.1��[C�$

when I have @#$@_read_search I don’t understand why I can’t read what i’m trying to read…

deckarddo · October 14, 2018, 4:52am

@drUIdmoz said:
oh ■■■■!

I keep getting this when trying to use the file that has extra hacker capabilities…

*pts/0��[� pts/0ts/0monitor127.0.0.1��[C�$

when I have @#$@_read_search I don’t understand why I can’t read what i’m trying to read…

I am getting it too don’t worry I think we just need to try harder.

deckarddo · October 14, 2018, 6:54am

Alright I want a nudge. I have broken out of jail and updated for proper exports. I am unable to get l**r working even with modified see. I am not finding anything capable of reading the file I want despite checking all of the bins. Please PM me a small hint.

deckarddo · October 14, 2018, 8:09am

Never mind got it. Not sure how I missed that earlier.

PM for a root nudge if you find yourself pacing around the bottom of a dumpster.

drUIdmoz · October 14, 2018, 6:37pm

rooted!

Calvo · October 15, 2018, 12:36pm

Any tips for user? I am playing with BS but i can’t seem to read anything worth looking at and pretty stuck atm. pms are welcome

LordRNA · October 16, 2018, 7:37pm

PM me if you need some help on this.

LordRNA · October 16, 2018, 7:39pm

@Calvo said:
Any tips for user? I am playing with BS but i can’t seem to read anything worth looking at and pretty stuck atm. pms are welcome

Take a look how lists work.

keresh · October 18, 2018, 4:33pm

rooted, a good enumeration is the key in all steps towards root

feel free to PM for hints

atxxx · October 19, 2018, 1:43pm

Finally got it rooted - very simple once you know what you are doing. Look into the commands you have available is my best piece of advice. If anyone would like any hints then drop me a PM.

sbroekhoven · October 19, 2018, 2:27pm

Unmasked Waldo’s root! Thnx for the help!