Hi, I’m struggling with this too. I wonder, how is the exploit supposed to work on the target? I can’t find that config file either. The supposedly correctly compiled and launched exploit says: “Waiting for rotating” with nc listening in a neighbouring pane… just as usual.
Yes, it was a bit tricky that the box is slightly different from the lesson’s example:
The explanation from @zjkmxy was really helpful. I can also recommend this article (quite the same setup as the box); it also uses a different payload.
No. The box is specially designed so that the configuration file is inaccessible (/root/logrotate.conf if my memory is correct). You only need to figure out the correct log file, no need to read the conf.
Not really. The log file needs to be writable by us, but not necessarily owned by root.
You can try to echo some random contents into every log file you found. After a while, one log file will be rotated (that is, XXX.log becomes empty again and your content was put into XXX.log.1). That is our target.
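Seen from the hardening side, the precondition discussed in this thread (a log that root's logrotate rotates while an unprivileged user can write to it) can be checked with a short audit. This is an added example, not part of any post in the thread; the names `audit_log` and `audit_many` and the sample file are assumptions, and only owner and mode bits are inspected.

```python
import os
import stat
import sys
import tempfile

def audit_log(path):
    """Reasons a non-root user could tamper with a log that root's logrotate
    rotates. Mode/owner bits only (no ACLs); empty list means no finding."""
    reasons = []
    targets = (("file", path), ("directory", os.path.dirname(path) or "."))
    for label, target in targets:
        try:
            st = os.lstat(target)
        except FileNotFoundError:
            reasons.append(f"{label} missing")
            continue
        if stat.S_ISLNK(st.st_mode):
            reasons.append(f"{label} is a symlink")
            continue
        if st.st_uid != 0:
            reasons.append(f"{label} owned by uid {st.st_uid}")
        if st.st_mode & stat.S_IWGRP:
            reasons.append(f"{label} group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append(f"{label} world-writable")
    return reasons

def audit_many(paths):
    """Map each path with at least one finding to its list of reasons."""
    return {p: r for p in paths if (r := audit_log(p))}

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        # Constructed sample: a world-writable log in a private temp directory.
        demo = os.path.join(tempfile.mkdtemp(), "app.log")
        open(demo, "w").close()
        os.chmod(demo, 0o666)
        paths = [demo]
    for p, why in audit_many(paths).items():
        print(f"{p}: {', '.join(why)}")
```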
I am blocked in this exercise. I have accessed with ssh and I have seen that there is the backups folder with acces.log and acces.log, but I don’t know where the achievement file is. If someone could help me, I would be grateful.