Hint for Waldo

I found some process has c??_setu?? but cannot exploit. Am I on the right way?

Hi
Please could someone give me some pointers to get the initial foothold. I can see file contents and folders. But seem to restricted to a certain folder.
Thanks

@moony8272 said:
Hi
Please could someone give me some pointers to get the initial foothold. I can see file contents and folders. But seem to restricted to a certain folder.
Thanks

Look at the files you can see, Read the code and try to discover how they work.

Just out of curiosity, I was able to log in and do some scanning, now when I want to sing this song from Queen, I am unable to do it. Any usable hints or directions without spoilers on this one. :slight_smile:

This one was quite funny, I was banging my head and then something obvious came. This is something I completely overlooked. Great machine but a bit annoying.

Wow what a box! As others have said, learned loads on this about something I’d never heard of.

Thanks to @mcruz @bowlslaw @grepthis and @nomad17 who gave me hints along the way and pulled me out of many a rabbit hole.

If anyone wants a spoiler-free nudge feel free to PM me.

Hi,

I think that i am close enough for the privesc but after studying the appropriate files and trying too many things i think i am stuck. If anyone wants to give me a hint or to tell me if i am close enough, please PM me. Thanks!

@amshusky18 said:

@chrisbensch said:
Ok, able to read the php files in var www html. Just can’t seem to figure out how to abuse the path. I’ve been looking at the list.js functions and also inside the fileRead.php. A nudge?

@mbie said:
Looking for a privesc hint, currently stuck. Can’t understand how that versioned file can read with root permissions while the other file can’t. Any hints?

You might wanna check permissions or capabilities of that file… You’ll know what to do once you figure it out…

This was the one that did it for me. And now reading back all the other hints; can’t believe how incapable I was in finding the right command.

@STY said:

@amshusky18 said:

@chrisbensch said:
Ok, able to read the php files in var www html. Just can’t seem to figure out how to abuse the path. I’ve been looking at the list.js functions and also inside the fileRead.php. A nudge?

@mbie said:
Looking for a privesc hint, currently stuck. Can’t understand how that versioned file can read with root permissions while the other file can’t. Any hints?

You might wanna check permissions or capabilities of that file… You’ll know what to do once you figure it out…

This was the one that did it for me. And now reading back all the other hints; can’t believe how incapable I was in finding the right command.

Glad it helped…

Need help. anyone can pm?

so i assume rooting is something to do with cap********* and lM****-v1 but i have no clue where to go from here. it seems like the source is different from non-versioned but there’s still no obvious way to read anything and w/o write access there’s no way to mess with it.

is that file just a hint and it’s actually a semi-unrelated exploit? or is there some hidden flag? there’s no getc**/setc**/xattrs.

pm me if anyone need help

Thank you for the opportunity to learn about something during priv esc. That’s actually really cool and I might play with it more in the real world. Indeed, pivoting to the M user did feel like a bit of a stretch.

I’m glad I searched for other files before spending time and investigating the things that I already found…

I learned a lot from this box. Especially due to all the wrong turns I took! :slight_smile:

load key invalid format solution??? or m i doing something rong??

@muditjais said:
load key invalid format solution??? or m i doing something rong??

Yeah, go over a valid private key (some examples online) and see what’s wrong with yours

@drmz said:

@muditjais said:
load key invalid format solution??? or m i doing something rong??

Yeah, go over a valid private key (some examples online) and see what’s wrong with yours

yeaaa got user up for root.txt

I’d appreciate it if someone could PM with a hint for the foothold, I can browse the file system fine but I must be missing what I’m supposed to be looking for…

edit: Nevermind rebooted the box and what I needed was there

Got root, I am wondering is there another way to get the flag using another version of l****m binary, feel free I am here to talk about!!

Finally got root! It was a journey indeed. You need to know what you are capable of :wink: