Type your comment> @gs4l said:
I can read files, was able to find the directory of the webserver and read the coig files, got creds to m*l. From this point, I can’t find a way forward to create a reverse shell. Nor I can find anything to ssh. I’ve tried everything I know but no luck, and I’m out of ideas now. Someone, please give some hints on how to proceed.
Same here. Interesting but frustrating.
@gs4l said:
I can read files, was able to find the directory of the webserver and read the coig files, got creds to m*l. From this point, I can’t find a way forward to create a reverse shell. Nor I can find anything to ssh. I’ve tried everything I know but no luck, and I’m out of ideas now. Someone, please give some hints on how to proceed.
@grokgrok said:
Type your comment> @gs4l said:I can read files, was able to find the directory of the webserver and read the coig files, got creds to m*l. From this point, I can’t find a way forward to create a reverse shell. Nor I can find anything to ssh. I’ve tried everything I know but no luck, and I’m out of ideas now. Someone, please give some hints on how to proceed.
Same here. Interesting but frustrating.
Look for the common files used with the vulnerability. A famous list will help
fell free to Dm me if you are stuck
Wooow that box was really really cool !
It turns out that you don’t need the user part to get root. That got me confused for a while as I was walking the root path unknowingly while trying to get user.
There are a lot of steps from recon to root, but except maybe the very last one, everything relies on having your eyes open and asking yourself the good questions. I can honestly say that if you get stuck on this box it’s only because you haven’t looked at the right place.
That was very enjoyable @TheCyberGeek
Got user, found something potentially promising, but I wonder if this could be a rabbit hole.
Did someone manage to make the exploit for local port 8*** work ? Been trying for some time, but even if the exploits complete, I’ve got no result on my listeners. The clues left in the user directory also seem to point another way, so maybe I’m not on the right track …
EDIT : Not a rabbit hole, an exploit will work for this service. Now I gotta escape from jail
So, after a ton of googling I took a hint and ultimately priv esc’d. I have not been able to connect the automated exploit to the vulnerable webserver when I search for exploits via google. I am wondering what search people used or what specifically they found on the box that led them to the exploit. I am curious about how people made that connection
rooted right now, I really liked this box. DM me for hints
I would appreciate a hint on foothold box - I am pretty sure I am on the right track but I can’t move further
What a fantastic box! @TheCyberGeek thank you so much, I had a blast. This box contains a lot of learning and fun. Reading other people’s hints on how to get to root, there’s nothing I’d like to add. Enumeration, Google, be persistent and be sure to enjoy the wild ride!
DM me for hints.
Type your comment> @StefLan said:
I would appreciate a hint on foothold box - I am pretty sure I am on the right track but I can’t move further
Finally got it lol
Got root finally, after few hints. Very hard machine.
Hint for root: not setting forceexploit true costed me two days of headbanging…
Got root. I think this VM should be classified as medium
I’ve found rem*** fi** Inc****** and therefore creds to db, but at this point i’m stuck. Can I ask for any hint?
Rooted…!! I am not a Guru but this has to be the easiest hard-rated machine ever…This box really should be medium. I admit, the root part was a real pain but as a whole, I don’t think this should be a hard box.
Foothole:
Read your scans well, Don’t even miss one [+] and see if you can get the one out of “top ten”.
Not only Github has wordlists “Hacktricks” does too.
User:
Enumerate the FS well, It’s a guessing game (Home sweet home).
Some people really love /bin/“sh” than /bin/bash.
Root:
How can I get a PID
“man ssh” and console is always useful
Pentester Academy is a place where you can learn a lot of stuff
I hope these little hints will help you…If you need help just DM me…I will try my best to help you
Type your comment> @kavigihan said:
Rooted…!! I am not a Guru but this has to be the easiest hard-rated machine ever…This box really should be medium. I admit, the root part was a real pain but as a whole, I don’t think this should be a hard box.
Foothole:
Read your scans well, Don’t even miss one [+] and see if you can get the one out of “top ten”.
Not only Github has wordlists “Hacktricks” does too.User:
Enumerate the FS well, It’s a guessing game (Home sweet home).
Some people really love /bin/“sh” than /bin/bash.Root:
How can I get a PID
“man ssh” and console is always useful
Pentester Academy is a place where you can learn a lot of stuffI hope these little hints will help you…If you need help just DM me…I will try my best to help you
Sent you a DM 
Took me a few days to get root !
Foothold: Basic enumeration + CVE. Again basic enumeration + CVE. Check the version first!
User: Actually you don’t need user to get root … Still have no idea how to get here, and I stuck in a rabbit hole for a long time.
Root: Basic enumeration and dig a tunnel for yourself. Again basic enumeration + CVE, once you get here you must be careful to set some flag and the shell would come back. Now you’re in the jail, don’t overthinking here just try the easiest one first.
Rooted.
Trickiest part was getting the foothold to work actually, the rest was pretty straightforward. Learned a lot on the final step as I took the opportunity to really read “everything” available about escaping, could have been done in a couple of minutes I suppose.
You can DM me if you need any clues
Hi
Everyone is dropping cryptic hints about getting root.
But none of it makes sense and I feel like I am in in the wilderness.
I have an exploit that seems to work from the foothold I have .
But the msf exploit is welded to a specific payload that uses the linux command c*** - which is not installed on the box.
I am only using metasploit because this is the ONLY version of the exploit that I found.
So - i can read and eunmerate and set all the flags in the world.
But that wont make curl work on a box on which curl is not installed.
So do I try and hack the msf payload to use ‘nc’ or do I try and find a different version of the exploit or do i need to roll my own???
cheers,
non-at
EDIT: ok i found a way in … sorta. now i need a way to break out …
Spoiler Removed
Hi:) I’m stuck on the root part. For the service that I need to exploit, does it is a cur** service maybe ? Because since some days this service disappears from the process, even with many reset…