there is no cve for root bro just take a careful look at the opt dir and you will figure it out
Just figured I was on the wrong exploit. The right one seems to be spel. But how did you know what page to point that exploit to (Target URI).? How did you decide that?
Just got shell. Thank you Haz.
1 Like
that was thanks to @Paradise_R hint i was able to find that exact file by fuzzing
you are welcome
I need hint for root : It seems that my yml file is not executed, as all yml file are removed before executionā¦ Iām missing something or the box is corrupted ?
Good day. I am completely lost with this. Iāve only gotten to where I can upload an image.
But after that, I have no clue what else to do.
Please assist
When I run my command I get the error āprovided hosts list is empty, only local host is available. Note that the implicit localhost does not match āallā. That error when running the command. Iāve tried : 127.0.0.1, webappā¦and removed that partā¦I canāt edit the hosts fileā¦
I have found the ssh password but I can not login to ssh with the password of phil. I get permission denied (publickey, password).
I have tried that, and it is still giving me the same error.
1 Like
Couldnāt get it to workā¦the /bin/bash -p
Rabbit hole Iām guessing. Canāt use a public key. Iād Google what you found on nmapā¦and not port 22ā¦.that will lead you to the footholdā¦
the same thing i face
Looking for some help with the privilege escalation I know im on the right path found it in the directory that starts with o. I am trying the payloads found on gtfo and still cant figure it out any help is appreciated please DM me!
Guessing the issue starts with you canāt write anything in the O folder; and anything you drop in it is deleted, lightning fast?
finally rooted after 12 hours back and forward looking for something that already been obvious! fun box btw!
how 
This might sound redundant, but be sure to copy the template provided by the box to get either you priv esc. shell or the suid route if you decide to go that way (just be aware if more peeps are on the box it might ruin that for them) - infinite thanks to @Paradise_R your tips helped a ton!
1 Like
ask for a reset
1 Like
just use linpeas you will get the most simplest exploit of all, it actually has suid set find it and exploit it, very simple donāt even have to escalate to other user to be able to use it, instant root.
can anyone give me hint what to do in /show_image??
I have a very odd issue with this mashine.
I cannot get linpeas uploaded.
Shells get uploaded no problem but when I try linpeas it does not work. I tried the .sh and amd64 file, neither can be uploaded to the /tmp directory. I have even tried multiple methods uploading.
I think it is a permissions issue., although that does not explain why other files work.
Could someone who has done it successfully please tell me what they did?