I have no idea what is wrong with my retrieved id_rsa… it looks perfect, I’ve made the font super small so everything fits on the page, it’s formatted perfectly, permissions are set accordingly.
It just doesn’t work… I’ve tried to extract it using multiple different readers. Does anyone have a clue what’s happening here?
edit: Deleting known_hosts fixed this.
Type your comment> @panic said:
I have no idea what is wrong with my retrieved id_rsa… it looks perfect, I’ve made the font super small so everything fits on the page, it’s formatted perfectly, permissions are set accordingly.
It just doesn’t work… I’ve tried to extract it using multiple different readers. Does anyone have a clue what’s happening here?
Look at a good working one and see if you can find the difference. Take a look at 2 or 3 of them.
finally got user 
Now onto root…
Rooted
Great box! Learned a lot!
Great box, one of those real close to a real life assignment. In case you have not met any of the attack vectors before you would definitely need to be patient on this one.
Indeed patience is needed on this box. If you’re having a hard time take a break. After struggling to get user at various levels I was spent and couldn’t think straight for root.
It then turned out to be much easier than I initially thought after breaking for a full day.
rooted
Thanks for nice box…
Hey I just started this box and got an idea on the initial foothold just wanted to ask somebody in messages if I am on the right track feel free to PM me
– Done
Rooted…
Una vez mas @7u1x gracias por la paciencia y el apoyo
Type your comment> @panic said:
I have no idea what is wrong with my retrieved id_rsa… it looks perfect, I’ve made the font super small so everything fits on the page, it’s formatted perfectly, permissions are set accordingly.
It just doesn’t work… I’ve tried to extract it using multiple different readers. Does anyone have a clue what’s happening here?
edit: Deleting known_hosts fixed this.
The same thing happened to me, I had to “clean” the non-standard characters by hand
This is my first medium level box that required web app security. Can i get some directions on what to try next? I have download the *.**f files.
stuck on root, using the well known exploit everyone is talking about but its stuck at “waiting for r****ing […]”.
from the documentations of the exploit, it seems that the c**n job of the root user will trigger whats needed for the exploit to work, and i shouldn’t need to run anything other than wait with a listener. or am i wrong?
any help would be greatly appreciated. thanks 
EDIT: rooted now, make sure you investigate all the error messages you see! especially after you run the l*******e exploit, you can also login into the compromised user to see if there are any errors.
Stuck with id_rsa - Cleared manually everything but shows invalid format 
- any suggestions to check with?
edited: worked - the reason I don’t know but the same id_rsa file worked without changing a single bit!
Just rooted it, Thanks for the great machine .
Got access to admin portal thanks to the hints that are spreaded here, but now have no idea on what to do there, any help? I don’t even get why one could use X** like someone said before… isn’t that kind of attack taking place on the client side?
Hi guys, managed to get user access but when I try to upload payload, there is nothing appearing in admin part of server, would be really grateful for any nudge on it. Thanks
Type your comment> @Szkiel said:
Hi guys, managed to get user access but when I try to upload payload, there is nothing appearing in admin part of server, would be really grateful for any nudge on it. Thanks
Look around more in the admin panel (click everywhere), it’s in front of you.
Type your comment> @newrookie said:
Got access to admin portal thanks to the hints that are spreaded here, but now have no idea on what to do there, any help? I don’t even get why one could use X** like someone said before… isn’t that kind of attack taking place on the client side?
Search for this X** + the filetype you are able to upload, you should get your answer.
Type your comment> @Sudi said:
Type your comment> @newrookie said:
Got access to admin portal thanks to the hints that are spreaded here, but now have no idea on what to do there, any help? I don’t even get why one could use X** like someone said before… isn’t that kind of attack taking place on the client side?
Search for this
X** + the filetype you are able to upload, you should get your answer.
Thank you very much!
Got root! PM for nudges.