Even though I’ve rooted, I still have two kinks I’d like to iron out, and I would love to hear whether all’yalls came into contact with these problems too and how you dealt with them. Mild codified spoilers ahead:
While desserts are yummy, my manager couldn’t eat them because of cultural differences. Did you encounter this problem in Linux? How did you deal with it? I tried learning the locale language, but that didn’t stop my manager from dropping dead.
No problem, some old dude once said “When God closes a door” or something. Anyways, once I finally managed to eat my dessert I was glad to hear some forestry secrets, the underground kind even! The problem is, the local fauna wouldn’t believe me! Try as I might, their ears were as closed as their shells. So I got myself some play DoUGH and used its Really Super Awesome features to smash through instead.
Again, thank y’alls for the pushes and nudges, shoves and dropkicks!
I’ve been banging my head against the wall for a couple of hours after getting the initial access, the one before www-data.
I understood what the vulnerability is, but I’m new to it. I tried a few things and it is really hard for me to get through it. Can someone DM me so I can share more info on what I’ve found, and give me a little hint on where to read and educate myself more about this vulnerability?
Man oh man, can anyone hint me how to work the ssh login… got the root password from the you know what and I saw the notes but I can’t seem to use it… hint me baby <3
I found the root password and the “hint” in the Notes section. I have been trying for hours but have absolutely no clue how to use it to log in. Some help would be greatly appreciated!
User Flag: it’s easier than you think to log in to the web interface. Then have a look through the app and read everything. There’s another user besides root. Find out info about it.
Root Flag: Get the user files. Brute forcing is an option, but as a hint, the password doesn’t use all “regular” characters. There are public PoCs to exploit the given files. Search the results on Google and reward yourself with a pudding for completing the machine.
The user flag was pretty easy. Don’t overthink, just use whatever you get. I feel the privesc was kind of new. If anybody is stuck at privesc, DM me.
Thank you @7H31NTR00D3R for the support in privesc.
Might I suggest converting it to something usable.
Side note: I did everything on Kali and didn’t need to move anything to Windows since I’ve seen a lot of talk about that, so it is doable solely on Linux.