Official Ambassador Discussion

Great Box, on the easier side for medium, nearly rabbit holed myself for a while though.

User: basic enum, some research, obtain a database file, look in tables other than the usual one…
Root: little confusing if you have never seen this software before but look for a .git dir and read up on some documentation/exploits and you should be good.


If anyone knows how to root manually, please PM me. Spent several hours trying to figure it out.

Just rooted, box was a lot of fun the whole way through. Was really nice to see a Hugo site on a box too, my personal fav static site gen.

Hi! Any hints on the priv esc please? I feel I’m really close :smiley:

You want to make sure things are HEALTHy. Be sure to CHECK if they are. A running service should be willing to do it for you.


How to fix (trying to connect to mysql)? Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/ cannot open shared object file: No such file or directory

UPD: fixed by using docker mysql (don't know why Kali mysql does not work)

Rooted. Not a medium box, more like easy.
PM me if you need a nudge

How to find the Grafana username and password?
I did not find it in the Python file

I can’t log into the mysql server even though I got the password for it. (I copy pasted the password)

Same as you, got gr**** username and d****** password but I get access denied when trying to access. Did you solve that?

Do not miss the ‘!’ when copy pasting

already solved; I misspelled the username :slight_smile:

How did you submit the flag? It does not work on my side

I’d say keep looking in databases and their tables that may have another password in the mysql server

also if you’re still stuck on access denied, here’s a hint: there is one f in the username.

Did you resolve this? I have the same issue with user.txt and root.txt flags

Am I the only one that gets an error message when submitting flags?

Facing the same issue here with both user.txt and root.txt.
Should we be calculating any specific hash or just paste the value directly?

Rooted…a pretty straightforward but interesting box, DM if anyone needs a nudge.

Hey man, I am stuck at getting a foothold on Ambassador… I spent a lot of time trying to use the ppp service, brute forcing mysql and the ssh.

Fun and easy box!

My privesc was a bit weird:

Try an exploit - Doesn’t work.
Change things in the exploit code - Still doesn’t work.
Revert all the changes - Exploit works now.
