Official Ready Discussion

Easy and fun box, here are my hints

Foothold

Versions are important, you should do nothing more than run a cmd to get the initial shell

Co******r Root

There is a fantastic hint that I should have listened to before spending a lot of time in enumeration… page5, @blacViking (thanks man !)

Actual Root

What can you do and what is your goal ? Google it and you’ll be free.

If you need help, feel free to PM

Rooted, thanks to @Shubhamz007 and @DarkRider88

Rooted. Fun box.

Rooted, pretty fun and easy box.

PM me if needed :slight_smile:

I keep getting a connection to my nc listener, but I can’t run anything after the initial connection. Anyone have advice/solution?

I’m not receiving connections on my nc listener. I’m using the normal exploit from edb, any suggestions? I’ve read that I need to do some tuning but I don’t know where (I’ve tried using another reverse shell). Any minimum help would be appreciated

@BoWyatt said:

I’m not receiving connections on my nc listener. I’m using the normal exploit from edb, any suggestions? I’ve read that I need to do some tuning but I don’t know where (I’ve tried using another reverse shell). Any minimum help would be appreciated

I got a shell with another script but I want to understand the most popular ones. Still figuring out why I’m not receiving with the other script.

I’m stuck on how to get du** user. Enumeration and linpeas didn’t get me useful things, any hint ?

@UVision said:

I’m stuck on how to get du** user.

Double check you need to get this user account.

Enumeration and linpeas didn’t get me useful things, any hint ?

Yes, enumerate more. To steal a phrase from PWK/OSCP, it really is a “try harder” here.

Your enumeration needs to look at an unusual folder which might hold things people use to store stuff.

@TazWake I have for now listed the directories accessible for writing without having seen an interesting info, I guess I must have missed it.

@UVision said:

@TazWake I have for now listed the directories accessible for writing without having seen an interesting info, I guess I must have missed it.

Just to check, did you also include ones you could read rather than just write access?

@TazWake Indeed not, is there a good command for that ? All the commands I found on the web don’t work for me.

Resolved : the only “uncommon” folder in my case is the assets folder situated in /, but I don’t think it is the right way.

@UVision said:

@TazWake Indeed not, is there a good command for that ? All the commands I found on the web don’t work for me.

Well, there is but it would be insanely noisy as you can look at most files on the OS. Simply searching for readable files is easy but I don’t know how you would narrow down the output. You could try something like:
find / -type f -perm -a+w 2>/dev/null
but it might need some tweaking.

Manual enumeration is more effective.

If you look in / there is a folder for things people can decide if they want or don’t want to install. In there is a folder which is probably not present on your own Linux system. It is worth looking in there.

@TazWake Thanks for these nudges, I found an ssh private key, I hope that is the right way to get user…:smiley:

@UVision said:

@TazWake Thanks for these nudges, I found an ssh private key, I hope that is the right way to get user…:smiley:

Well, it is interesting and it certainly wasn’t something I found.

Bear in mind.

  • you have a user account.
  • if you find something that doesn’t seem to work, try it somewhere else.
  • you have a couple of hoops to jump through to get from where you are to the root flag.

Cast your mind back to my first response. What user are you trying to get and do you really need it ?

@TazWake so bad that I’m not in the good way. From your response, I’m a bit confused : is the “****” user necessary to get root ? Or as I already own the user flag, it is not ?

@UVision said:

@TazWake so bad that I’m not in the good way. From your response, I’m a bit confused : is the “****” user necessary to get root ? Or as I already own the user flag, it is not ?

It is not necessary. You can drop me a direct message if you are still stuck.

@TazWake I send you a Dm, it is a better way indeed.

Fun box, nothing too complicated, yet I spent way too much time on root forgetting about basic rules about what users do with their passwords…
That box made me a pro hacker, that’s a milestone !
Good luck to everyone, I don’t have much to help you, everything important has been said already !