Hint for TartarSauce!

Been stuck on getting shell for a while… Found both web apps, logged into one and got nothing. Been running the ■■■■ out of dirbuster/gobuster on directories on the r****s.txt files, but haven’t found anything useful. Can anyone PM to get on the right direction? I feel like I have missed something…

I got a root after a while. Thanks for help :slight_smile:

@koredump said:
Rooted. The mind works in weird ways… got nothing for privesc all day staring at it, but once I went to bed, I figured it out in minutes. This thing really is a source of tunnel vision.

PMs ok. And I did get a root shell, but you don’t need to.

I did get the root.txt, can you pm the hint on the way you get the root shell?

@3mrgnc3 thanks <3 great box!! Rooted it, didn’t think one roots boxes that way very often, but why not if it works.

All the messages combined in this topic constitute a total spoiler :trollface:

Got root flag. The most annoying root I got!

This is a box that you learn more and more even after you have obtained root.txt.
I’ve validated 3 ways to get priv esc to root, this was very educational!

When I started this box I hated it, but at the same time I enjoyed it because I was learning a lot. Good job to the creators. I finished it today and I think it taught me a lot.

Got it, finally. Thanks to @Maniek couldn’t have done it without you.

ok so I am severely stuck… can someone assist me… I am trying to get root flag… I know I am like 80 percent of the way thru

@H4ck3d5p4c3 sent you a pm.

Can someone help me with initial access I think I’m derping out here…

After quite a long battle, I got a root shell. IDK if I consider it “realistic”, but it did teach me a lot. Advice: Have a plan to enumerate if / when automated tools fail and always dedicate some time to open sources and research. Make the effort to duplicate your target in a sandbox environment so you can experiment with different techniques.

@fl337 said:
Can someone help me with initial access I think I’m derping out here…

Enumerate and don’t trust the output!

Tarnation, this one was tough… finally made it through to the end after taking a few slaps on the wrist for relying on tools! Thanks for the tip @Maniek!

Can someone help me with initial access I think I am lost. Could not upload you know where? Spidering and wp not taking me anywhere? If possible PM me. Thanks in advance

@9r4shar4j4y enumerate using a common tool for wp. Test one flag at a time, Pal

guys, help please!! hint is using brute force in right wplace??

I’m stuck for almost 3 days. I enumerated every directory with gobuster. Downloaded m*******.zip open source app, read its files. Scanned all ports. Found 2 exploits but none of them works. I’m very stuck. “retartar” I thought it was related somehow to .tar archive files but I don’t know. I even archive php file twice into tar (re-tar-tar) :slight_smile: BUT NOTHING WORKS. Very little help will be appreciated. I need just direction.

Could anyone pm me for priv esc, I know about the script and the “differences”, I tried with root flag but doesn’t print it out for me… so close yet so far…

@bonjourpancake said:
Could anyone pm me for priv esc, I know about the script and the “differences”, I tried with root flag but doesn’t print it out for me… so close yet so far…

work smarter, not faster :wink: