Nevermind, I used pentestmonkey’s version and it worked.
my connection to l*b file dont stay help
I have obtained permission to access www(data), but I cannot find the first flag. Help me, please.
Got it!
User was really a piece of cake, you just need to check for exploits on available services as almost always hahaha
But honestly the root flag took me 2 hours Its my first time working with linux perms so it took me some time figuring out how them work
Cool machine!
ROOTED
But I share the same doubt as you. Literally the same. Why should I be able to make the script work on some file in /e[...]
and not on some file on any other path (with similar permissions?)
Have you managed or is there anyone that has understood it?
I just got the solution by trial and error but didn’t understand this
EDIT: the reason for which the permissions of the script itself cannot be modified (and the flag too) resides in the lsattr
command. Try to run it on your files of interest and if a i
appears in the result (e.g ----ia--------e-------) then the file is immutable.
Am I on the right track with the CRLF injection?
I have tried using gobuster to find directories? not getting anything ive tried different wordlists even tried using ffuf still nothing even used knock…
Banging my head against the wall for root found the ACL scrpt but unsure of how to use it to call a root shell. I cant think of any ways