Finally rooted, this one was really fun!
Spent ages banging my head on the initial low-priv shell but after that it was a nice CTF-like experience. Thanks for this one!
I need a nudge on getting foothold… anyone?
Init: Mira como funcion la pagina cuando haces una consulta al PATH con hojas de estilo y sin las hojas de estilo, puedes utilizar wfuzz.
User0: Analiza el codigo y Utiliza Python para ejecutar lo que quieres, codificando lo que envias, si deseas ver la ejecucion de comandos haz una consulta con nslookup a tu maquina, ve el resultado en Responder o un simple ping.
User: Analiza y Python nuevamente, utiliza el script para obtener lo que quieres, no es necesario crear tu propio script.
Root: Python, otra vez. Analiza, watchaLO y cat, y cat o rip.
:v
could someone give me a hint, what should i do?, i found the server have any exploit for the server i have to use or am i on the wrong way?
Really fun box and pretty straightforward, especially if you know python well. PM me if you need some help.
PM if you need a nudge
Type your comment> @up2nogood said:
I need a nudge on getting foothold… anyone?
anytool IP/FUZZ/child
Rooted.
root@Obscure$ id
Output: uid=0(root) gid=0(root) groups=0(root)
one of the easiest boxes. as a Software developer it was pretty fun for me.
First time dealing with injection of any kind. I’ve got the py script and see the execution vulnerability but at the moment no clue how to go about injecting the command I want to execute. Can anyone give me a nudge?
Rooted.
Learned a lot about the the language. Thanks to @GhostSquad for the help for the user.
DM for help.
Got the user after literally 3 weeks of working on the box. Had HUGE amounts of help, but since this is my first user, I am very proud of the stuff that I have learned. Going for the root now.
rooted! Fun box. If anyone is having trouble generating the key, look at the code CAREFULLY and see what it does to each argument !!!
Rooted! Have learnt a lot from this lab.
I still have one question maybe someone can answer it. When I got the root credentials, I couldn’t use ssh to login and I had to switch to root from user. And I have checked the configuration, the passwordlogin is not disabled. Any ideas?
I need a nudge with the foothold. I have the py script and have spotted the vulnerable part in the script. I have a way I think should give me RCE but when i run the curl with my code I get an empty response from the server? Am I way off? Some help is very much appreciated. I can PM my cURL command if someone will give it a look and maybe give me a nudge.
edit: Thanks to enpassant for helping me out.
Can anyone PM me about root. I realize what is going on with B*******H and I know that I am in a race with the program but I cannot for the life of me figure out how to go about it.
Any help would be appreciated ^^
A lot of head banging at the beginning, but finally rooted. Thanks @clubby789 for the challenge and fun!!
PM me for hints, more than happy to help!
Rooted. I was really thinking way too hard for Root. Thanks N0tAC0p for his help.
If you need help PM for hints.
Rooted, though I’m pretty sure I completed it in the “wrong way”. Loved the path to user!