When trying to login to the d******* with creds, the shell just hangs forever. Is this normal?
Any nudge on getting root? I'm pretty new to this and I think I'm overthinking it.

EDIT: Nvm, I was overthinking, found it. Nice machine, rooted.
Hey all, need some help. Got the ha** and it takes so much time to get the pwd. Am I on the correct track?! Pls advise.
So I've been able to access the vulnerability and get over the foothold, but I can't seem to get access to user. The e*** portion of l**s seems simple enough, but yet whenever I try to inject into it it's as if only the first command's output is recognized? I know what I'm supposed to do and theoretically it should work, but in this specific case it doesn't and no matter how much I'm able to look up about it I can't seem to get a solid answer. I've tried everything from URL encoding, to changing the content type, etc. Can anyone send me a PM? I know I'm probably missing something potentially very obvious but as of now I'm dumbfounded.

EDIT: nevermind, got it fixed. Tunnel vision is quite the trickster.
I managed to get user and then root but maybe someone can help me. I got root's flag in an unconventional way because whenever I got a shell into root, none of my commands except exit worked.

It would look something like the following:

    root@previse:/# ls
    root@previse:/#

I would get no output or anything. What could've happened with my shell?
can someone explain to me why the privesc works if env_reset is set in the sudoers file?
@neuroplastic said:
> can someone explain to me why the privesc works if env_reset is set in the sudoers file?

It depends how it is set I think. I am not sure and didn't notice it. This is an interesting read though: UNIX Health Check - Avoid using env_reset in sudoers file
Please help me. I accessed the page and got the m***l password, but I don't know where to go after that.
*Spoiler Removed*
@neuroplastic said:
> can someone explain to me why the privesc works if env_reset is set in the sudoers file?

It isn't set. This string is commented out in the sudoers file.
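
Added example, not part of any post in this thread: a small audit of sudoers `Defaults` lines for the setting discussed above. It goes slightly beyond the thread by also checking `secure_path`, a sudoers option nobody here mentions; the sample file, the `appuser` rule and the script path are constructed, and only global `Defaults` lines are parsed (includes, scoped Defaults and line continuations are ignored).

```python
import re

# Constructed sample (not from the box): env_reset commented out, no secure_path.
SAMPLE_SUDOERS = """\
#Defaults env_reset
Defaults mail_badpass
appuser ALL=(root) NOPASSWD: /opt/scripts/backup.sh
"""

def audit_sudoers(text):
    """Return (env_reset, secure_path, findings) from global Defaults lines."""
    env_reset = True     # sudo's built-in default when sudoers says nothing
    secure_path = None   # unset unless a Defaults line provides it
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue     # a commented-out setting leaves the default in force
        m = re.match(r"Defaults\s+(.*)$", line)
        if not m:
            continue     # user rules and scoped Defaults (Defaults:user) skipped
        # Split options on commas that are not inside double quotes.
        for opt in re.findall(r'(?:[^,"]|"[^"]*")+', m.group(1)):
            name, _, value = opt.strip().partition("=")
            name, value = name.strip(), value.strip().strip('"')
            if name == "env_reset":
                env_reset = True
            elif name == "!env_reset":
                env_reset = False
            elif name == "!secure_path":
                secure_path = None
            elif name == "secure_path" and value:
                secure_path = value
    findings = []
    if not env_reset:
        findings.append("env_reset is off: the caller's whole environment "
                        "reaches the command")
    if secure_path is None:
        findings.append("no secure_path: the caller's PATH is kept, so a "
                        "root-run script calling programs by bare name "
                        "resolves them through it")
    return env_reset, secure_path, findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS)[2]:
        print("FINDING:", finding)
```

On a real host, `sudo -V` run as root shows the effective defaults, which is the authoritative answer to whether `env_reset` is in force.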
I got to the files section. I found 3 files and downloaded them, then I deleted 2 of them just to see what happens. Seems like the 2 files were non-interactive php shells from another user? I guess I am stupid but I suppose it is not the way to get user normally. Hey, guy whose php backdoor I deleted: sorry, it was a mistake. Not sure if it works though, looks like they are not put in the fs.

Hint: To those struggling with john. I would suggest to crack your own password first, find the proper command line arguments, then crack the one you want, probably will save you time if you have a huge wordlist.

@AsaWaffles said:
> I managed to get user and then root but maybe someone can help me. I got root's flag in an unconventional way because whenever I got a shell into root, none of my commands except exit worked.
>
> It would look something like the following:
> root@previse:/# ls
> root@previse:/#
>
> I would get no output or anything. What could've happened with my shell?

Depends on how you get the shell. If you don't use netcat or similar, then probably you don't see anything because it is sent to stdout and stdout is sent to a file? Try redirecting stdout to stderr as well or use netcat.
Learned something new: Don't trust Firefox DevTools. I wondered why the length in gob***** was non-zero, but then blindly trusted Firefox which didn't show anything in the response data. I feel betrayed.
@Joeljp said:
> Please help me.
> I accessed the page and got the m***l password, but I don't know where to go after that.

Use it to enumerate the m___l service.
I found the way to execute "what I want to do". But is it normal that every shell I use doesn't work? I tried to download it (seems to work), or simply nc, with several archs but nothing.
@UVision said:
> I found the way to execute "what I want to do". But is it normal that every shell I use doesn't work? I tried to download it (seems to work), or simply nc, with several archs but nothing.

Finally found another (stupid) way.
Hi there, did any of you reach the final step, where you try to use the copy binary way to privilege escalation? What I don't understand here is that if I copy the binary to /dev/shm, when executing it, it fails to pop a root shell, but in any other writable directories like /tmp or ~, it works. The copying and executing process is every bit the same. Why is that happening, anything different with /dev/shm? Can't seem to find an answer by myself, any explanation is appreciated. Thanks.
Fun box!

Foothold: can't really trust browsers these days, you need to look beyond. Find the weak link and abuse it, beware of rabbit holes!

User: if you've enumerated correctly in the first step you should have the necessary to retrieve good stuff. Be patient and pay attention to the salt!

Root: enumerate permissions and exploit the classic misconfiguration.

Thanks for the box!
@hadrian3689 said:
> Rooted!
>
> A fun box. You learn a lot.
>
> Hints:
>
> Foothold:
> This box reminded me of Ippsec's video on the Bank box. You got to talk to the postman AND just cause you can't see it, it doesn't mean it's not happening.
>
> User:
> Just some classic enumeration. If it's taking too long then you are on the right track. No need to take the salt off the table.
>
> Root:
> What's today's date? Can't forget to Paint All The Homes
>
> Hope I didn't spoil too much. If you didn't find these helpful, feel free to DM me. Good luck to all.

Ippsec's bank video is a big hint, but very helpful, I don't think that I would've understood foothold at all without it. Thank you!
Very nice machine, just finished.

Foothold: as everyone said, ippsec has the first part of the solution; once inside, check the zip, not only the config.

User: Think how the web works and where it stores all the data.

Root: Just enumerate, should take 2 minutes.

If any nudge is needed just write me.
Rooted.

I think everything's been addressed in the comments on this thread (thank you to everyone who shared your information earlier!). If your hash tool's not working as intended - look at the settings and try something else. The kitty didn't work for me, need to re-look at my GPU driver, but the other tool worked fine with slight modification.

Quick add-on here - please make sure to clean up your stuff! Found a lot of remnants from other people's completed efforts that I ended up cleaning up before cleaning up my own stuff. This is an important step that shouldn't be forgotten about.