Have a low priv shell, digging through the rabbit hole… have the first hint. But totally stuck
@illwill after reset exploit is working …maybe more reset take over the box
rooted ! thanks @marine
but I don’t really understand what was happening there
is it really that easy ?
If someone rooted the box and wants to discuss the solution pm me
pm for hints
I hate CTF like boxes.
The only thing that I liked about it is that you can actually get root without getting user.txt, and root is pretty easy.
My tips:
For initial foothold:
You need to follow the obvious hint that is given to you. Make sure that your nmap scan is not missing something. After that, a little bit of research (basically a google search) will grant you a shell. For user.txt, just spend a few minutes enumerating the system and you will find something useful in order to log in as a proper user.
Priv esc:
Piece of cake, basic Linux priv esc method. Once you find something interesting, see what it is trying to do and exploit it to get the root shell.
Good luck!
i think i’m overthinking privesc. just can’t get it done. meh, maybe later
Finally rooted. I just needed to step away and come back with a fresh set of eyes was all. Yup, don’t overthink the priv escalation on this box and look for the low hanging fruit. I searched and saw it not long after I got user, but didn’t take time to read. Had I slowed down I would have noticed something that hadn’t looked familiar. Good luck to those still hacking away–just keep it simple.
got it. thanks @T3jv1l for making me realize that my find command was wrong (and has been so for weeks, that explains why i had such a hard time lately, lol)
I have a low level shell, a bit lost on where to priv esc from here. Have found user.txt but no permission, would appreciate a gentle push in the right direction!
EDIT: Got user, that was super fun (thanks for your hints). Time to look more into priv esc now.
EDIT2: Got root. That was a bit harder than expected only because i’m not too familar with the standard linux files. Still learnt a lot though. If anyone is proper struggling I can nudge you in the right direction, just PM me.
Look at the files you have access to. One of those will give you a hint. You will probably overthink and disregard that hint. Ask me how I know… xD
Got it! I want to thank to everybody who has helped me. It is a nice box, a little bit unrealistic on the privesc part, but OK.
Guys, I am not so experienced. I got till the phase of setting up a reverse cell, but no responses 
any clues ?
@dimhatzi maybe take a closer look at the port you’re using to make sure it’s the right one for that exploit.
@OzzY said:
@dimhatzi maybe take a closer look at the port you’re using to make sure it’s the right one for that exploit.
I tried it on several of the ports and they all worked 
User:
Just enumerate well and google about common vulns for the infos you find. Actually, there is an obvius hint that should lead you pretty quick to a shell.
Than just look at the juicy files you tipically cannot read in a CTF and you will escalate to user quickly.
Actually I think is not needed to get the user that has access to user.txt in order to get root - so you can try to enumerate more and directly root the box.
Root:
Standard enumeration, nothing hard, keep things simple, just make sure to CHECK two times your privesc commands to see something strange! Maybe double check these commands with the same commands outputs you have in your attacker machine to spot on something strange.
Thanks for this box! Great replacement for Jerry
Got root pretty simple, if someone need a hint, just PM me!
Rooted this box. If anyone need a hint feel free to PM me
@OzzY said:
Finally rooted. I just needed to step away and come back with a fresh set of eyes was all. Yup, don’t overthink the priv escalation on this box and look for the low hanging fruit. I searched and saw it not long after I got user, but didn’t take time to read. Had I slowed down I would have noticed something that hadn’t looked familiar. Good luck to those still hacking away–just keep it simple.
Same boat. Chased some rabbits but, in the end, it was very simple.
feeling a moron atm, i know should be easy to understand this b***** file, but i just cant get it