Networked

0wned!
Really fun box, thanks @guly for the challenge & and making things people can enjoy.

For hints, feel free to PM me.

Hey guys, I am stuck for two days on root now… Any hint appreciated! I am on the s**o run script and iread the output already. But still with tons of inputs now I did not find the solution.

Type your comment> @vider said:

Type your comment> @rfalopes said:

I cant make nmap scan… All ports filtered, what I do?

isn’t… try with a deep nmap scan… you will have 2 ports…

Show me this message:

Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 19:04 WEST
Nmap scan report for 10.10.10.146
Host is up.
All 1000 scanned ports on 10.10.10.146 are filtered
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 … 30

OS and Service detection performed. Please report any incorrect results at Nmap OS/Service Fingerprint and Correction Submission Page .
Nmap done: 1 IP address (1 host up) scanned in 220.61 seconds

What i do? Thanks a lot…

Ahh, finally done with networked! I really need to say that some of the people have given dumb and useless hints here like “JuSt EnUmErAtE bRo, ItS rIgHt tHeRe iN fRoNt oF yOu”.

Initial foothold:
Understand the source

User:
Check for pebbles in the path in the source

Root:
It’s too EZPZ but most of the people(including me) didn’t understand how it worked! Just play around user input and there you go!

Got user,
let’s move on the root :smiley:

Type your comment> @rfalopes said:

Type your comment> @vider said:

Type your comment> @rfalopes said:

I cant make nmap scan… All ports filtered, what I do?

isn’t… try with a deep nmap scan… you will have 2 ports…

Show me this message:

Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-05 19:04 WEST
Nmap scan report for 10.10.10.146
Host is up.
All 1000 scanned ports on 10.10.10.146 are filtered
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 … 30

OS and Service detection performed. Please report any incorrect results at Nmap OS/Service Fingerprint and Correction Submission Page .
Nmap done: 1 IP address (1 host up) scanned in 220.61 seconds

What i do? Thanks a lot…

Buddy, I wrote you a PM.

So im new to reverse shell. Any good papers that explain the process that closley resemble this box? I have the .tar and can see the files but I cant seem to find a good write up on how to use shell. Sorry im a noob.

Hi. Anyone encountered this error?

ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Device guly0 does not seem to be present, delaying initialization.

Finally rooted!

ROOT: Find the ch…sh file. Read the file. Ignore the ERROR - Message “ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Device guly0 does not seem to be present, delaying initialization”. Try the default linux commands and keep going.

Thanks to @r0mka

Rooted !

Thx to the owners !
Easy root but fun box !

Got user, it was pretty straight forward: Do your regular enumeration and find relevant files and where they exist it too.

On root right now, I think I figured out where it is, it’s just I don’t know how to escape the right character, apparently. Any nudges would be appreciated.

Can someone please help me out for user?

I am reading the c****_a**** file, but I don’t understand, it writes to a file, then deletes the file, it sends some output to /dev/n**l, and sends ma*l (which I can’t access).

Some hints suggested “timing”, but am I really supposed to loop so I can hopefully get the file content before it gets deleted?

Is there someone willing to help? I am trying to get user and need a nudge…

Eaaasy Root Privesc!

TIP: Just FUZZ the script inputs and study the output.

Thaaanks @guly :wink:

Type your comment

I’d like some help with root I’m pretty sure I found where the vurnable point is. I’m unsure what do to though.

Got root, though not fully sure how it worked, but I will give some hints that would’ve saved ME a lot of time

Read and UNDERSTAND this link:
https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
…also " ; " :slight_smile:

Root:
I wasted so much time because of this, but see what you can run as root with your privilege, if the “thing” tells you no privilege to make changes, then you aren’t executing it properly. Execute it properly and errors will dissapear (at least the privilege ones)

You aren’t fully there yet, but trial and error.

Type your comment> @NicksEmporium said:

Rooted

shell: upload something
user: add something
root: tell it something

PM if stuck

Hello, i cant upload the pp file to make a rert sh… I change the “Content-Type”, the “filename” to .pg.pp and nothing. I try put some initials bytes from a png image in the request but noting… Im missing something?

Finally got the root, I wasted so much time on root just cause I didn’t use sudo, It was fun though.Thanks to everyone who helped me out.PM me if you’re stuck!

Type your comment> @CRYPT0HEX said:

Guys need help with user?

Yes :frowning: