Official Ambassador Discussion

Fun and easy box!

My privesc was a bit weird:

Try an exploit - Doesn’t work.
Change things in the exploit code - Still doesn’t work.
Revert all the changes - Exploit works now.

1 Like

Rooted! Path to user relatively easy.
Priv esc to root had my head spinning. Used an automated method which I didn’t think would work so I guess I got lucky. Feel free to DM for help.

for those who get stucked in root here are some hints that may help you :

-look for .git folder and search in google what is it and how you can extract history from
-show commits in git log and look closely in the outputs (you can know what kind of application has been used ‘Consul’ and read the red lines it contains helpful info ‘Token’ you are gonna use for exploit.
-if you use linpeas look for the ports used locally you will find something that can use for RCE
-search about Consul RCE ( you may find exploit script in GitHub )

1 Like

hey guys is it like user.txt content changes?

see when i initially got user i added the flag and it got accepted, after getting root shell , i opened user.txt and flag was entirely different, i tried to add it and it said user flag is already added.

Fun box with enumerating and research, enjoyed particularly the privilege escalation. Had trouble getting a certain leak tool to work tho

Struggling with go on decrypting the AES. I get “no required module provides package go.mod file not found in current directory or any parent directory”

Anyone come across this problem? Can’t find any solutions online.