can someone help me with t****mp I don’t get anything :slight_smile: pls pm me

@Silky said:
can someone help me with t****mp I don’t get anything :slight_smile: pls pm me

I’ve sent you a PM. :slight_smile:


Please can anyone provide me with a small hint as to how to move from initial shell towards users … I am stuck here for days and can’t find anything interesting … any help is appreciated.

Think I might’ve dodged a bullet or two with bruteforcing and unnecessary hashes, so (both) user parts weren’t that hard.
For root though, been playing around for a few hours with o***sl and t*****p, but I just can’t get it yet.
Also, I haven’t been able to upload the .p
f files to my local machine, so I’m wondering if the solution is in there at all.

the only hashes i got through tmp are "{crypt}$6$xJxPjT0M$1m8kM00CJY*********GFQvk3boaymuAmMZCOfm3OA7OK***********************


is this right ?

(8) Took 4 days
Learnt a little bit about capabilities.

I have got ldapuser2’s value from t****p. It looks like h**h or pass but it’s not useful. I can’t decode it either. How can I use or decode this value? Any hint related to it? Thanks.

@kaptangenzo PM’d you

Nice Box, thanks for creating this, I learned something about ldap and tcpdump…

Just passing by to share a script to brute force .zip and .7z files:

ROOTED got root.txt and root shell.

anyone feel free to PM me for hints.

but I will write here maybe better lol.

ldapuser2 : use tcpdump to monitor ldap traffic, sometimes it needs penetration LOL.

ldapuser1 : crack that 7z .

root : see the capabilities what on your home directory, T****P is a rabbit hole, focus on the other one. try to understand what capabilities can do / that one can manipulate to get whatever you want…
waldo machine will help much on this I’m sure.

I hope it’s not a spoiler

Nice one !
Had a bit of a hard time to get the user but it’s all in the topic here.

  • root shell, too.

Great box. Huge thanks to @LegendarySpork for the help. Learned a lot. Happy to help anyone in need! PM me

Got root. PM for hint/nudge.


This machine was awesome… Initial foothold to root in one hour if you know the correct way to root… I just loved the root method… It was so easy…

If anybody needs help PM me…

Finally rooted this last night, overthought it far too much!

@pratheepan8 said:
Hey guys rooted this machine. I just wanna discuss how to get root shell in this machine?

if you can read, maybe you can write :dizzy:

ight, rooted, personally found user harder than root.

Also for some ppl offering help, stop playing word games plz. ppl ask you a specific question, don’t just answer ‘maybe’ cmon, elaborate!

Feel free to PM me for help.

can anyone help me, I get 0 packets captured when capturing ldap packs with tc****

EDIT: ROOTED. Thanks for all the hints guys. really appreciate it. Great priv esc if I may say so.