Hints here are already pretty good. Just to add some small ones:
User: remember that r/w/x permissions for a folder are NOT necessarily the same for subfolders!
Root: this is already pretty huge > @gyptocrypt said:
look at the interesting file in your home folder. make sure you read it VERY carefully, you will find something interesting. Use GTFObins to figure out what interesting line is doing
I would google ‘Bandit Level 25 to Level 26’. It will give you some more perspective about all the resizing hints. FYI Bandit is a great start to your pen testing career and will get you warmed up with all the weird tricks it takes to break these boxes.
I think I’m close to get user flag but need a hint… I found *.tgz file that should help me to use a service.
First, I tried to download this file on my kali to unzip it, but it didn’t work (tried with nc, got permission denied).
Then, I copied it into a directory where I have more permissions, and unzipped it. It unzipped useful files in /.s** directory, however I can’t access them now…
I’d like to crack i*_r** key, but how should I do it? Is it necessary to transfer it on my kali ?
I’ve been stuck on the user flag for far too long and could use a nudge. I’ve read a lot of comments on here and just still can’t seem to find anything to help me over the line
I’ve got the creds for D**** and have seen the /~D***** url. I’ve also stared at the conf file and manual endlessly and can’t seem to make anything of the hints for directory permissions and such. Does it have to do with the pid and signalling?
When I do the thing I need to do with my terminal, the l*** binary is not invoked! I tried ‘making my own binaries’ which also didn’t work. Tried asking a few fellas already but I can’t seem to work it out! Could anyone pm me with a nudge? Is this my terminal’s thing, do I have to change a setting inside the VM? It’s driving me nuts!
(I connect to the machine with Parrot OS and standard ssh connection, I guess it makes no difference but oh well)
When I do the thing I need to do with my terminal, the l*** binary is not invoked! I tried ‘making my own binaries’ which also didn’t work.
Not sure I follow what is going on here.
Tried asking a few fellas already but I can’t seem to work it out! Could anyone pm me with a nudge? Is this my terminal’s thing, do I have to change a setting inside the VM? It’s driving me nuts!
You can resize the terminal window. If you make it smaller than the file contents, what happens?
Just rooted this. Key theme for this box is to RTFM!
Here are my tips:
Initial Foothold: This is all about basic enumeration and exploitation, not much more needs to be said here. If you were to know what you were doing it wouldn’t take more than 5-10 minutes, so don’t overthink this stage. Keep it simple. If you get stuck, RTFM.
User: RTFM! But I’ll add that you don’t want to spend any time pursuing credentials that don’t seem to be working. No, you haven’t done something wrong, you’re just being dragged down a rabbit-hole. User creds (in retrospect) are intuitive and simple. The hard part is really just learning about a service you’ve found by googling/reading.
Root: Okay, some people here found root easier than user but I’ll disagree Someone here mentioned that “lateral thinking” really plays its part, and that’s the best description of the case here; the solution is highly non-intuitive.
My hint is in the same vein as what most others have been saying: the answer is right in front of you! But where I would go further is that that’s only half the way to root. You’ll then need to assess what sort of environment you’re in once you execute part a file you find in d****'s b** directory and how you could somehow manipulate it to do what you want. My advice? Again, RTFM, specifically regarding what environment you’re in.
As a bonus hint: stay away from GTFObins, it’s really not needed to figure out how to get root, and it ended up taking me down a rabbit-hole. Also, the resizing stuff also seems to not have any relevance, BUT: resizing my terminal did massively hint me to what I could do to gain root.
Shell: Searchsploit the thing right infront of your eyes.
User: Enumerate, enumerate, enumerate. Think how web apps are configured.
Root: LinEnum should do the trick. Privesc 101.
Hi, I’m on w**_**** so I found the config files and one tell me something about d***** really interesting, Im trying with John but I think is not the rigth way.
Hi, I’m on w**_**** so I found the config files and one tell me something about d***** really interesting, Im trying with John but I think is not the rigth way.
If you’re using John before gathering any files, then you’re going down a rabbit hole and need to keep enumerating the service: read the manul for that service to see what the config is actually doing. You’ll see something subtly interesting.
User flag took way too long due to not finding the directory, once I had that it was fairly easy.
Because of all the hints I read I had root a couple of minutes later.
2nd box I rooted so far, was fun!
