anyone wanna give me a hint on getting root ?
Just got user and root on the box. That was fun, but getting the final flag doesnât feel as satisfying as a root shell. Getting the root flag isnât as difficult as it seems.
Confused on what to do with the p****_b*** fileâŚany nudges would be appreciated. Canât read the user.txt
I got root.txt. Could someone who recieved a shell as root explain how you did it? I didnât use a root shell to access root.txt.
Lost here!! Could someone DM me. Cant read user.txt and have no idea what to do with hex dump p*****.******p
@Cybeernoob said:
Lost here!! Could someone DM me. Cant read user.txt and have no idea what to do with hex dump p*****.******p
Try displaying the contents of the the p******_****** file to your shell, then - Google!
You need to figure out the file type.
Update: I DMâd you a hint. Itâs already mentioned in this forum so I donât think itâs a spoiler - magic number!
So me and my friend has been going for the root flag for hours and hours now. We are completely stuck. We have found the I**** file and believe weâve got something going there, though we canât seem to wrap our fingers around how to go forward. Is there anyone that could give us a tiny little hint on how to proceed?
Feel free to DM!
Shelled and rooted this today. Very fun little CTF box with some good learning experiences mixed in. I saw a lot of people struggling with root shell or difficulty accomplishing it in a nondestructive way. Iâm not sure if my method was the intended one or not, but I didnât have to damage anything in the process. Just takes understanding whatâs going on with what is in front of you and doing a bit of a âdetourâ with basic Linux functions.
The only problem to get user is c00l h4ckers that instead uploading shell block front page.
But after you upload shell just decode all things.
The way to root is also obviously.
After you see the direct way, do not walk from it and will not waste the time.
Have never seen such trick for root before. Nice and intuitively.
@Draughts said:
So me and my friend has been going for the root flag for hours and hours now. We are completely stuck. We have found the I**** file and believe weâve got something going there, though we canât seem to wrap our fingers around how to go forward. Is there anyone that could give us a tiny little hint on how to proceed?
Feel free to DM!
DM incoming
Need help to get user , can someone pm me ?
Thanks L4mpje - good introductory box.
I cannot get user, any hints? I scanned all pages with dirb and found directories which can be usefull for file exploits. Also I think the login has something to do with Super User (admin in standard joomla) and Floris. No clue where to login or how to get user, please give me some help to learn. :))
@54pp0r0 said:
I cannot get user, any hints? I scanned all pages with dirb and found directories which can be usefull for file exploits. Also I think the login has something to do with Super User (admin in standard joomla) and Floris. No clue where to login or how to get user, please give me some help to learn. :))
Hint: View Source
So I got a reverse PHP shell and I see the user.txt file. But it says permission denied, any hint or help how to fix this please
@54pp0r0 said:
So I got a reverse PHP shell and I see the user.txt file. But it says permission denied, any hint or help how to fix this please
check carefully and you gonna find p*b file , and learn from bandit12 ,the you will get user
@m1chaelsh1 said:
@54pp0r0 said:
So I got a reverse PHP shell and I see the user.txt file. But it says permission denied, any hint or help how to fix this pleasecheck carefully and you gonna find p*b file , and learn from bandit12 ,the you will get user
I got the p*b file and decoded it to password.txt. So I got a password but I have no idea what to do with it. Cant log in with SSH, cant use it use sudo root⌠Help pls
have been working on root for a while now, have found the I**** file but am hitting a wall. just wondering if someone could give a hint on the way forward?
Just rooted the Box. Althouth it is an âeasyâ box, I learnt a lot. Congratz to the maker.
Sorry guys this is driving me nuts to decode the hex⌠followed bandit12, get the type of b*2 file it is⌠etc⌠when trying to decompress saying invalid etc⌠am i completely thrown off scent? or am I missing a trick? DMs welcome