Lightweight

im on 127.****** shell in here. so wht should i do next. plz

cn sm pm me. need help guyzzzzzzzzzzzzzzzzzzzzz

@korrey said:

@lnx said:

@Phrenesis2k said:

@IteXss said:
hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

Output it to a file and read it with another packet reading program on your local machine.

xxd is quicker :slight_smile:

Even strings can do the job!

Or you can use ‘-A’ option to display results in ascii format.

Hi guys.

root shell owned! I really learned new things on this machine. PM me if need hints :slight_smile:

@Baikuya said:

@Skunkfoot
It helps if you’ve completed Frolic.

Dont you mean Waldo?

No, I meant Frolic, but completing Waldo will help too for a different part, so that’s a good point.

@librab103 said:

@Skunkfoot said:
This one was quite confusing for me, couldn’t have done it without the hints that I got. The flow just didn’t really seem to make sense to me. I’m gonna go back tomorrow and redo it starting from the beginning to see if it makes more sense now.

A couple issues I ran into:

  • You may need to visit a couple of the webpages a couple times in your local browser to generate that which you seek for access to a certain user.

  • If you’re having trouble cracking anything, try reinstalling your tool or looking for alternatives.

  • Always start with a small wordlist, don’t jump straight to rockyou if you can avoid it. Sometimes the string you’re looking for is simple.

  • For root specifically (at least the flag, I haven’t gotten the shell yet, one of my goals for tomorrow), when you’re looking at what you’re able to do, one of these things is not like the other. What can you do with that thing? It helps if you’ve completed Frolic.

Are you using Burp or your browser’s inspect option to view the data going between host and remote?

No, or I don’t understand the question. You don’t need to inspect any captured data between you and the remote host, if that’s what you’re asking.

stuck on user priv esc… i’m in via ssh but can’t seem to find traction within, any nudges?

Finally rooted, thx to @avetamine and @IteXss for heads up.
Also getting root shell is a nice challenge.
Still missing some understanding about how this o****** is capable to do it. Would be nice if someone could PM me to discuss if my assumption is correct.

They deleted my post because probably was considered a spoiler, anyone having questions can PM me

@Uvemode said:
Got root and all, but I’m curious, how exactly?
‘It’ was blank, therefore shouldn’t be able to do anything special. I checked and blank means nothing, even with those ending flags. except that previous ‘it’ were removed. Surely I missed something.
@avetamine
There is a c function that translates a textual representation of what you can do into a binary one. In the man page there is also a section about what it means when ‘it’ is blank.

@Skunkfoot said:
@Baikuya said:

@Skunkfoot
It helps if you’ve completed Frolic.

 Dont you mean Waldo?

No, I meant Frolic, but completing Waldo will help too for a different part, so that’s a good point.

 @librab103 said:

       @Skunkfoot said:
 This one was quite confusing for me, couldn't have done it without the hints that I got. The flow just didn't really seem to make sense to me. I'm gonna go back tomorrow and redo it starting from the beginning to see if it makes more sense now.

      A couple issues I ran into:

      
 * You may need to visit a couple of the webpages a couple times in your local browser to generate that which you seek for access to a certain user.


 * If you're having trouble cracking anything, try reinstalling your tool or looking for alternatives.


 * Always start with a small wordlist, don't jump straight to rockyou if you can avoid it. Sometimes the string you're looking for is simple.


 * For root specifically (at least the flag, I haven't gotten the shell yet, one of my goals for tomorrow), when you're looking at what you're able to do, one of these things is not like the other. What can you do with that thing? It helps if you've completed Frolic.


 




  Are you using Burp or your browser's inspect option to view the data going between host and remote?

No, or I don’t understand the question. You don’t need to inspect any captured data between you and the remote host, if that’s what you’re asking.

@Skunkfoot
I dont see why completing Frolic helps in this Box ?. May PM me i dont get it

edit

I’m a bit disappointed. After I got user1 it took me less than 5 minutes to get root. But that’s not because I’m a good pentester but because the ‘hints’ in the forum where almost a spoiler.
When I got user1 I already knew what to do to get root. I don’t feel I cheated because in the end I had to understand and know what to do but I do feel I was spoiled a little.

The most difficult part, or at least the part that took me more time was going from user2 to user1 and that’s because I’m a bit lazy.

Good box, I enjoyed it a lot. Thanks to the creator and thanks everybody for the help-

Sooo…i found two creds whilst logged in with the “easy” access account, both turned out to be $6$salt$hash. Been trying to bruteforce for a whole day using assorted wordlists etc. with no luck. Am I missing something?

any hints for root privesc???
cracking ba****.***

@mrflibbleoz said:
Been trying to bruteforce for a whole day using assorted wordlists etc. with no luck. Am I missing something?

Brutforcing is a rabbit hole, though accounts are usefull. You should think about a different approach to get the passwords.

@prokaryont said:

@Uvemode said:
Got root and all, but I’m curious, how exactly?
‘It’ was blank, therefore shouldn’t be able to do anything special. I checked and blank means nothing, even with those ending flags. except that previous ‘it’ were removed. Surely I missed something.
@avetamine
There is a c function that translates a textual representation of what you can do into a binary one. In the man page there is also a section about what it means when ‘it’ is blank.

You are right, it was at the man page. Just didn’t check for the right keywords.
Thanks.

Yes thanks for the insight @prokaryont

@mitoOo said:
any hints for root privesc???
cracking ba****.***

Once you crack that file and read the contents carefully, it should be straightforward. PM me if you need help

@epsequiel said:
I’m a bit disappointed. After I got user1 it took me less than 5 minutes to get root. But that’s not because I’m a good pentester but because the ‘hints’ in the forum where almost a spoiler.
When I got user1 I already knew what to do to get root. I don’t feel I cheated because in the end I had to understand and know what to do but I do feel I was spoiled a little.

So, as a tip, maybe you shouldn’t read through the forums if you dont want the hints.

@TazWake said:

@epsequiel said:
I’m a bit disappointed. After I got user1 it took me less than 5 minutes to get root. But that’s not because I’m a good pentester but because the ‘hints’ in the forum where almost a spoiler.
When I got user1 I already knew what to do to get root. I don’t feel I cheated because in the end I had to understand and know what to do but I do feel I was spoiled a little.

So, as a tip, maybe you shouldn’t read through the forums if you dont want the hints.

Of course, but in my case I was looking for hints on getting user1.