Lightweight

Got root. PM for hint/nudge.

Rooted!!

This machine was awesome… Initial foothold to root in one hour if you know the correct way to root… I just loved the root method… It was so easy…

If anybody needs help, PM me…

Finally rooted this last night, overthought it far too much!

@pratheepan8 said:
Hey guys rooted this machine. I just wanna discuss how to get root shell in this machine?

if you can read, maybe you can write :dizzy:

ight, rooted, personally found user harder than root.

Also for some ppl offering help, stop playing word games plz. ppl ask you a specific question, don’t just answer ‘maybe’ cmon, elaborate!

Feel free to PM me for help.

Can anyone help me? I get 0 packets captured when capturing ldap packs with tc****

EDIT: ROOTED. Thanks for all the hints guys. really appreciate it. Great priv esc if I may say so.

I’m ld***1 and can use opsl to read/write. What next?

nevermind, wrong op***sl

I’m trying to get user. I managed to get ******er2’s LDAP password, but I am now stuck. I know I somehow need to get access to ******er1’s SSH account, but I can’t even SSH in ******er2’s account using that password. Can someone PM me a hint or anything?

Can someone help me with t****mp? I don’t get anything.

Rooted, thanks to @cornholio for User, thanks for forum hints for root, it was way easier than I thought.
Feel free to PM for hints.

Got user, followed the trail so I could switch user twice, but now I’m kinda stuck. I assume I have to use the binary that’s not t**p to read the flag from root folder, right?

If someone can PM me about my assumption, that would be awesome!

EDIT: got root, thanks to @clmtn for confirming to me I was on the proper track and @Nofix for the awesome resource!

Anybody else get a root shell? Wondering if someone did it different than me

The webpage doesn’t even load for me, what insanely small detail am I missing here…

Ok, this is an odd request. I got the ldap*1/2 passwords, the root flag and the user flag, but I never figured out how to escalate from the initial shell. Would someone mind PMing me and walking me through the proper way I was supposed to do this? I know I didn’t do it the right way.

I need a hint, stuck on getting root. I am logged in as ldap1. I read the man page for op****l twice. Can’t figure out a way to use it to read files.

Got both flags but no root reverse shell

Also, when people have rooted a box please can they remove any access they created (like an account with root privileges that I could just su to without a password. Although I didn’t use this to get the flags).

Anyone got tips/hints for initial enumeration? Done initial nmap etc, but not sure on where to go from here for this box :stuck_out_tongue:

Drop me a DM and I’ll see what I can do to help.

Got root + root shell

Fairly straightforward

Standard nmap enumeration

Initial foothold
Read what’s in front of you clearly - specifically what runs on port 80!

1st user: The box name is a dead giveaway as to what’s going on. Leverage your attack internally, might take a while to get what you need - try multiple queries

2nd user: don’t overcomplicate things - a basic list is all you need

Root flag - look what’s in front of you and see what it’s capable of. If it’s not behaving how you expect it might be worth specifying direct path (this got me stuck for a couple hours)

Root Shell - if it can read then it can also write