Rooted…,
I loved solving this machine
Got Root.
The foothold for this box was just kinda stupid. Maybe its just me and my general distaste for CTFy machines but after I got the initial foothold I was pretty disappointed. the “first part” is fine. However the way to get the "second part " for the initial exploit seemed more of a way to slow down the progress of rooting the box rather than trying to give an example of or teach anyone a concept. Maybe I’m being too harsh about it but It just seemed kinda uninspired on the creators part.
That all being said I actually did like this box after the foothold, user gave you a potential dead end and made you look somewhere else, which I personally like to see. Root took me 2 minutes, but its an easy box so I have no complaints. If it were not for the foothold.
this box would be great for someone who was just learning, because of the general enum concepts.
tl;dr
foothold bad, rest of box good
there are plenty of hints on the forum, but if you need additional help, send me a pm with what you tried so far and I will do my best to help.
props to @gotroot for the foothold nudge
Got Root.
My advise dont overthink too much on the root. Once you go back to basics for privsec yo u will see something odd and you kind of make it way from there.
People who have started new , good box.
Thanks to creator , learned couple of things, and thanks to @Mysther for initial foothold
Hi all, I’m currently stuck, I’ve managed to launch an MP shell, and I’ve found the file i need to find, but i can’t really do anything as far as accessing even user. Any nudges would be greatly appreciated, thanks.
Type your comment> @K0dy23 said:
Hi all, I’m currently stuck, I’ve managed to launch an MP shell, and I’ve found the file i need to find, but i can’t really do anything as far as accessing even user. Any nudges would be greatly appreciated, thanks.
I’m in the same position - got a shell, found the u***s.p** file with a very easily crackable hash - but I can’t seem to use this to bump my privs. I’m beginning to think I’m going down the wrong route…
@K0dy23 said:
Hi all, I’m currently stuck, I’ve managed to launch an MP shell, and I’ve found the file i need to find, but i can’t really do anything as far as accessing even user. Any nudges would be greatly appreciated, thanks.
@maaaks said:
I’m in the same position - got a shell, found the u***s.p** file with a very easily crackable hash - but I can’t seem to use this to bump my privs. I’m beginning to think I’m going down the wrong route…
If you have a users password, Linux allows a trivial way you can switch into that user’s context. It doesn’t always work, but it is always worth trying.
Even when it doesn’t work you will often get enough information from the OS to work out what you need to fix.
Rooted ! thanks to the help by @Sw33tp3a , @sysceen , @algernope ! I was searching difficult. Just make a break time and go again !
Rooted… For those who rooted: just curious if anyone have made any use of the *** transfer services in this box - or are these purely a rabbit hole?
Finally got it. Woot! Woot! Just like what everyone else says, getting the foothold was the biggest hurdle, but it gets easier from there…
I managed to login and now I am trying to go further but something is wrong. This is for the initial fh. Can someone give me a nudge?
Edit to update: Rooted!
Great box, lots of fun and I learned a lot, yet again. Great basic box for beginners, such as myself. I’ll try to throw a couple of hints that are neither too vague or giving too much away:
Foothold: Typical fuzzing on web directory. If one wordlist doesnt work, try another. I had to go through a couple to find what I needed. With enough diligence, you will find a user.
User: Once you have popped shell, what files can you find? Surely there is something juicy laying out in the open. Beware for rabbit holes!
Root: Took me way too long to find the vuln to gain privesc. Super basic Linux priv esc. Combine the powers you have with a recent exploit, and you will have your path marked for you.
I hope this helps without giving too much away. Feel free to pm me if anyone needs some assistance.
Thanks @egotisticalSW for the awesome box!
I can’t believe I got foothold easily and then I’m stuck on getting user when everybody says it’s the other way around lol.
I’m definetly (again -.-) overlooking things it seems.
Pretty easy box, you just need to enumerate carefully. If you need help, pm me
Thanks everyone who told others not to overcomplicate things when going from user to root. I lost many hours trying to figure out uncommon exploits too complicated for a noob, but your comments made me look for the simple stuff. Rooted, finally
Finally Root. Thanks to @UGlz for the initial nudge.
Good box. The Foothold took a while to figure out. The rest was not that hard if you pay attention.
Foothold: Bust your way around to get more info. Pick a tool any tool. Then you need to pay attention. Articles must be read all the way. Try to get as much information from the pages. That will point you in the right direction so you know what to google for.
User: Enumeration! Information is laying around. The previous enumeration will help you increment ;). Do some work on what you find and read carefully. Be superman!
Root: Enumerate and see what recent vulnerabilities the system has. This took 10 mins to exploit.
Feel free to PM me for push here and there 
Rooted
THe part from foothoold to user was tricky, if you have something interesting, after testing locally maybe you can give it a change searching online.
Fell free to pm.
Hey Hey Hey
I have root 
root@blunder:/# cd root
cd root
root@blunder:/root# cat root.txt
I did it the non OSCP friendly way though. I would love to know if anyone did it the OSCP friendly manual way. Drop me a PM if you did and willing to chat about it
Also PM me for nudges if you’re stuck somewhere.
Hello! I am looking for some nudges. Can someone please dm me and ill tell you what i found
rooted!
I was defiantly overthinking root, there were a few other recent exploits for root that looked promising. My advice, don’t spend time forcing an exploit if it doesn’t work, even if it looks promising, also I think its good practice to run some commands on your local machine and the target machine and compare/google the differences when it makes sense to do so.
PM for nudges