Hint for Waldo

Need help. Can anyone PM?

So I assume rooting is something to do with cap********* and lM****-v1, but I have no clue where to go from here. It seems like the source is different from non-versioned, but there’s still no obvious way to read anything, and w/o write access there’s no way to mess with it.

Is that file just a hint and it’s actually a semi-unrelated exploit? Or is there some hidden flag? There’s no getc**/setc**/xattrs.

PM me if anyone needs help.

Thank you for the opportunity to learn about something during priv esc. That’s actually really cool and I might play with it more in the real world. Indeed, pivoting to the M user did feel like a bit of a stretch.

I’m glad I searched for other files before spending time and investigating the things that I already found…

I learned a lot from this box. Especially due to all the wrong turns I took! :slight_smile:

Load key invalid format, solution??? Or am I doing something wrong??

@muditjais said:
Load key invalid format, solution??? Or am I doing something wrong??

Yeah, go over a valid private key (some examples online) and see what’s wrong with yours.

@drmz said:

@muditjais said:
Load key invalid format, solution??? Or am I doing something wrong??

Yeah, go over a valid private key (some examples online) and see what’s wrong with yours.

Yeaaa, got user, up for root.txt

I’d appreciate it if someone could PM with a hint for the foothold, I can browse the file system fine but I must be missing what I’m supposed to be looking for…

Edit: Never mind, rebooted the box and what I needed was there.

Got root. I am wondering, is there another way to get the flag using another version of the l****m binary? Feel free, I am here to talk about it!!

Finally got root! It was a journey indeed. You need to know what you are capable of :wink:

A little question, maybe I am doing something wrong:

Got user, I would open a meterpreter session, and I have the key, but from msf I can only open a basic shell with auxiliary/scanner/ssh/ssh_login_pubkey:

Active sessions

Id Name Type Information Connection


2 basic linux SSH xxxxxxxx (10.10.10.87:22) 10.10.xx.xx:41023 -> 10.10.10.87:22 (10.10.10.87)

When I try to upgrade to meterpreter (sessions -u 2), the result is:
[*] Executing 'post/multi/manage/shell_to_meterpreter' on session(s): [2]

[!] SESSION may not be compatible with this module.
[*] Upgrading session ID: 2
[-] Shells on the target platform, linux, cannot be upgraded to Meterpreter at this time.

I’ve always done it, but this time it is not working.
Do you have any idea what’s going on?

Hi
Can anyone give me some pointers for privilege escalation?
Thanks

I’ve been able to “enumerate” in the sense that I know HOW to find files that I need to move forward. The problem I’m having is how to GET or READ those files. Any tips are appreciated!

@Curve said:
I’ve been able to “enumerate” in the sense that I know HOW to find files that I need to move forward. The problem I’m having is how to GET or READ those files. Any tips are appreciated!

Can you read any other files? Maybe in the same folder? That way you might be able to figure out what actually is happening…

@p3tj3v said:

@Curve said:
I’ve been able to “enumerate” in the sense that I know HOW to find files that I need to move forward. The problem I’m having is how to GET or READ those files. Any tips are appreciated!

Can you read any other files? Maybe in the same folder? That way you might be able to figure out what actually is happening…

I can see the files, but I can’t seem to figure out how to read them. I wish I could say more (tools I’m using, etc.), but I’d be giving too much away.

@Curve said:

@p3tj3v said:

@Curve said:
I’ve been able to “enumerate” in the sense that I know HOW to find files that I need to move forward. The problem I’m having is how to GET or READ those files. Any tips are appreciated!

Can you read any other files? Maybe in the same folder? That way you might be able to figure out what actually is happening…

I can see the files, but I can’t seem to figure out how to read them. I wish I could say more (tools I’m using, etc.), but I’d be giving too much away.

Alright… I figured out what you were referring to. I got something I think I need… just need to figure out how to use it. Thanks for the tip!

Hey, can anyone give me a hint about priv-esc? Escaped “jail”, e.g. I’m at user m****, but then there is some r****.sh and l*m which I’m not sure what to do with. Probably get a hint that you must be capable, but I cannot find the right tools on the machine, so any hint would be awesome!

Waldo scared the cat

Managed to access the n****** folder. Dunno what to do, since there doesn’t seem to be anything useful in that folder.