So, after a ton of googling I took a hint and ultimately priv esc’d. I have not been able to connect the automated exploit to the vulnerable webserver when I search for exploits via Google. I am wondering what search people used or what specifically they found on the box that led them to the exploit. I am curious about how people made that connection.
Rooted right now, I really liked this box. DM me for hints.
I would appreciate a hint on foothold box - I am pretty sure I am on the right track but I can’t move further
What a fantastic box! @TheCyberGeek thank you so much, I had a blast. This box contains a lot of learning and fun. Reading other people’s hints on how to get to root, there’s nothing I’d like to add. Enumeration, Google, be persistent and be sure to enjoy the wild ride!
DM me for hints.
@StefLan said:
I would appreciate a hint on foothold box - I am pretty sure I am on the right track but I can’t move further
Finally got it lol
Got root finally, after a few hints. Very hard machine.
Hint for root: not setting forceexploit true cost me two days of headbanging…
Got root. I think this VM should be classified as medium
I’ve found rem*** fi** Inc****** and therefore creds to db, but at this point I’m stuck. Can I ask for any hint?
Rooted…!! I am not a Guru but this has to be the easiest hard-rated machine ever…This box really should be medium. I admit, the root part was a real pain but as a whole, I don’t think this should be a hard box.
Foothold:
Read your scans well, don’t even miss one [+] and see if you can get the one out of “top ten”.
Not only GitHub has wordlists, “Hacktricks” does too.
User:
Enumerate the FS well, it’s a guessing game (Home sweet home).
Some people really love /bin/“sh” more than /bin/bash.
Root:
How can I get a PID?
“man ssh” and console is always useful
Pentester Academy is a place where you can learn a lot of stuff
I hope these little hints will help you…If you need help just DM me…I will try my best to help you
@kavigihan said:
Rooted…!! I am not a Guru but this has to be the easiest hard-rated machine ever…This box really should be medium. I admit, the root part was a real pain but as a whole, I don’t think this should be a hard box.
Foothold:
Read your scans well, don’t even miss one [+] and see if you can get the one out of “top ten”.
Not only GitHub has wordlists, “Hacktricks” does too.
User:
Enumerate the FS well, it’s a guessing game (Home sweet home).
Some people really love /bin/“sh” more than /bin/bash.
Root:
How can I get a PID?
“man ssh” and console is always useful
Pentester Academy is a place where you can learn a lot of stuff
I hope these little hints will help you…If you need help just DM me…I will try my best to help you
Sent you a DM
Took me a few days to get root !
Foothold: Basic enumeration + CVE. Again basic enumeration + CVE. Check the version first!
User: Actually you don’t need user to get root … Still have no idea how to get here, and I was stuck in a rabbit hole for a long time.
Root: Basic enumeration and dig a tunnel for yourself. Again basic enumeration + CVE, once you get here you must be careful to set some flag and the shell would come back. Now you’re in the jail, don’t overthink here, just try the easiest one first.
Rooted.
Trickiest part was getting the foothold to work actually, the rest was pretty straightforward. Learned a lot on the final step as I took the opportunity to really read “everything” available about escaping, could have been done in a couple of minutes I suppose.
You can DM me if you need any clues
Hi
Everyone is dropping cryptic hints about getting root.
But none of it makes sense and I feel like I am in the wilderness.
I have an exploit that seems to work from the foothold I have.
But the msf exploit is welded to a specific payload that uses the Linux command c*** - which is not installed on the box.
I am only using metasploit because this is the ONLY version of the exploit that I found.
So - I can read and enumerate and set all the flags in the world.
But that won’t make curl work on a box on which curl is not installed.
So do I try and hack the msf payload to use ‘nc’ or do I try and find a different version of the exploit or do I need to roll my own???
cheers,
non-at
EDIT: OK, I found a way in … sorta. Now I need a way to break out …
Spoiler Removed
Hi :) I’m stuck on the root part. For the service that I need to exploit, is it a cur** service maybe? Because for some days this service has disappeared from the process, even with many resets…
To get user, I found the thing to get to the spiky thing, but I can’t get the snake to get me into the box for some reason.
Great box,
I didn’t end up getting user, just root.
I used metasploit to exploit the service at the end of the tunnel. There will be two ways you can take, they are not the same even though they might look like it at first glance. Only one of them will work.
PM me if you need a nudge
Rooted!
I love this machine!
Very realistic!
DM me for nudges!
Rooted!! I enjoyed a lot doing this machine. Feel free to DM if you are stuck!!
Was trying to get user, but ended up getting root straight from initial foothold! Lol!
Note for others:
Initial Foothold:
Remember Breadcrumbs? This machine is almost like that. You’ve to follow a chain of small steps.
The basic enumeration steps and googling will open the right doors.
User:
Don’t know yet. Will update once I find this.
Edit: Found it.
We can read stuff, even though it says we can’t.
Root:
Just like Initial Foothold, we have to follow a chain of exploits.
Do your basic local enumeration work like looking at common locations, listening services etc well.
Once the first gate is opened, hacktricks will guide you to root, if you know the basics.
Good luck.