Official Ambassador Discussion

Mud · October 25, 2022, 6:49pm

Great Box, on the easier side for medium, nearly rabbit holed myself for a while though.

User: basic enum, some research, obtain a database file, look in tables other than the usual one…
Root: little confusing if you have never seen this software before but look for a .git dir and read up on some documentation/exploits and you should be good.

GuyKazuya · October 26, 2022, 1:20am

Rooted.

If anyone knows how to root manually, please PM me. Spent several hours trying to figure it out.

elquesobandito · October 27, 2022, 1:19am

Just rooted, box was a lot of fun the whole way through. Was really nice to see a Hugo site on a box too, my personal fav static site gen.

burnplease · November 4, 2022, 12:43pm

Hi! Any hints on the priv esc please? I feel I’m really close

jwuzke · November 5, 2022, 4:43am

You want to make sure things are HEALTHy. be sure to CHECK if they are. A running service should be willing to do it for you.

flymomike · November 22, 2022, 4:37pm

Nvm

Lnevx · November 23, 2022, 5:16pm

How to fix (trying to connect to mysql)? Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory

UPD: fixed by using docker mysql (dk why kali mysql not work)

Lnevx · November 23, 2022, 6:38pm

Rooted. Not a medium box, more like easy.
PM me if you need a nudge

4ji7h · November 24, 2022, 3:44pm

How to find the grafana username and password?
I did not find in the python file

kamithequeen · November 24, 2022, 5:19pm

I can’t log into the mysql server even though I got the password for it. (I copy pasted the password)

hmznls · November 24, 2022, 8:43pm

Same as you, got gr**** username and d****** password but I have access denied when trying to access. Did you solve that ?

UPDATE
Do not miss the ‘!’ when copy pasting

kamithequeen · November 24, 2022, 9:06pm

already solved; I misspelled the username

hmznls · November 24, 2022, 9:09pm

How did you do to submit the flag ? Does not work on my side

kamithequeen · November 24, 2022, 9:10pm

I’d say keep looking in databases and its tables that may have an another password in mysql server

also if you’re still stuck on access denied, here’s a hint: there is one f in the username.

hmznls · November 25, 2022, 9:01am

Did you resolve this ? I have the same issue with user.txt and root.txt flags

hmznls · November 25, 2022, 2:24pm

Am I the only one that has error message when submitting flags ?

adip · November 25, 2022, 4:09pm

Facing the same issue here with both user.txt and root.txt.
Should we be calculating any specific hash or just paste the value directly?

d3f4u17 · December 6, 2022, 6:48am

Rooted…a pretty straightforward but interesting box, DM if anyone needs a nudge.

3urd_Party · January 3, 2023, 8:40am

Hey man, I am stuck at getting a foothold on ambassador… I spent alot of time trying to use the ppp service , brute forcing mysql and the ssh.

h6x · January 5, 2023, 1:27pm

Fun and easy box!

My privesc was a bit weird:

Try an exploit - Doesn’t work.
Change things in the exploit code - Still doesn’t work.
Revert all the changes - Exploit works now.