Monteverde

I think I am in the same boat as @CuriousJ
I have been so focused in the a**** realm that I barely touched the db. Thought it was a rabbit hole at first but not so sure now with this hint. Most of the higher end queries I attempted I got a may not have permission to do this so I gave up on the db.

Let me know how you get on @Ghost40 as I’m sure between us we will work it out! :slight_smile:

Although I’m busy for an hour or two now so good chance you will get through it well before I will!

Just rooted this box. No need to alter any exploit code, runs ‘off the shelf’ if you read the instructions. Happy to give nudges - PM me if required.

Rooted, was missing a silly thing to exploit, thanks @cyberafro for the hint.

User: lazy admin, you create a list of your enumerated users against a list of possible passwords, mst sb lnin module to get the correct user/pass combo.

Root: check the group to which the user belongs, google the PoC, run it.

user is basically a guessing and root is fixing the poc and running it.

not really a fan of this box

I have to agree with @ryan412 here. Getting user took me a lot longer than it should have simply because I didn’t guess the obvious fast enough. I tried a lot of other “obvious” things but not the right one.

Priv esc was surprisingly easy and close to click, click pwn.

I wouldn’t say I disliked this box, but it was a bit disappointing in places.

got root
thx @igevi for the hint to root
pm me if need some hints

The initial guessing will be the death of me. Can’t seem to guess the ‘obvious’ password…

*~ Got it, Just needed to try with other users…

I managed to get user and root. Very interesting machine.

Hint for user, be lazy, check the very obvious thing first but then don't go storming the same door that allowed you to verify the discovered credentials, use them to poke around.
Hint for root, see what is installed and what is running then find the exploit online. Don't be a script kiddy though, you're gonna have to find the proper way to use that PS script.

Kudos to the maker!

Aye if anyone can message me a nudge to find the POC that would be great. Searching around and not finding much for Ae A*

Found the right local PoC. ebil crashes when I run it. Do I need to specify another port?

Can anyone help me with guessing for the foothold? I really seem not able to guess it, my head is burning.

Finally rooted it.

Huge thanks to @AXANO and @emmycat for nudges and guidance.

@imousrf said:

Can anyone help me with guessing for the foothold? I really seem not able to guess it, my head is burning.

Just start with basic enum then take advantage of lazy users' bad habits for password choice

@cyberafro said:

Just start with basic enum then take advantage of lazy users' bad habits for password choice

just got it thanks to you and @sinanozdemir
and yeah just basic and lazyy

I found a list of users but I can't login with any common passwords. I’ve tried guessing basic ones and some popular wordlists. What am I missing? Can someone DM me a hint for the foothold?

@SirFIS said:

I found a list of users but I can't login with any common passwords. I’ve tried guessing basic ones and some popular wordlists. What am I missing? Can someone DM me a hint for the foothold?

It is a little bit annoying but when you get this you will kick yourself. You have enough information right now and you even have a password, you just don't realise it yet.

Take all the lists of information you have now and make a wordlist out of it.

Then try that.

I have it and you’re right @TazWake I am kicking myself for missing it.

Rooted. Feel free to PM me if you need a nudge :slight_smile:

Just rooted.

  • user: no major skills are needed and the overall process is very similar to many other boxes. Indeed, getting the first shell is all about the common admin laziness and the normal enumeration.

  • root: learned something new. Despite the fact that I’m really potato with ps and s**, eventually I discovered a new way to get the info I need.