Foothold and user : Well, guys are wright ! Don’t look for any webapp but a daemon. There’s a recent vulnerability on it. I’m shocked ! :neutral:
Root : well. I see a knife thing. Is it this ? … thank you guys for leaving hack tricks on server. So the answer was just in front of my eyes but I missed the chance to search a bit by myself .
Thanks to @zvfhxxxxz and @elveskevtar for the nudges.
Anyone ever have trouble submitting a root.txt flag and getting “incorrect flag”?
EDIT: It appears the flags change when the box is moved from the release arena to the active machines section. Re-rooted and got a different flag which was accepted.
If anyone has a question i would be happy to help you out!
User: Look for version number on what the website is running would be my main pointer
Root: don’t look to far you will only need to enumerate 1 command and do some googling (maybe you will see it without google) and than it 1 simple command and you are root!
is anyone willing to provide hint, stuck at root.
got user using Chinese help.
try to see what you can do as the user, and remember that often the name of the box is some form of hint … (linpeas can help but you should do this basic enum everytime for easy / medium boxes)
after that, read the documentation online and with trial and error you should be able to get root !
Rooted. This was a fun box.
User: Don’t rabbit hole… There is much information in the ways of recon
Root: You should find what you need almost immediately. Remember your Priv Esc enumeration and what your user can do… Then from there… look for how the tool can be leveraged…
SPECIAL HINT: A good rule of thumb (In general that MIGHT be applicable to this box) is to remember that there are other shells that have already been written… Sometimes generating your own isn’t necessary.