Official Sandworm Discussion

I really enjoyed this box. Gotta be one of the best mediums I’ve done in a while with only one area that I really got stuck on but I still learned a lot. Anyone who is stuck, feel free to reach out for some help :slight_smile:

hints?? stuck on foothold and dont know what to do with pgp

Hey!
So I’m catching up on this box and I almost managed to leverage the vulnerability into initial foothold, but I’m having some trouble, if anyone has the time to help out in dms I’d really appreciate it!

where specifically were you stuck, I’m escalating privileges to root, I’m getting confused, because everything in my view has already been tested.

patience and calm is the key to the machine

I just finished the box. But is not clear to me one thing.
We access the machine with user1, move then to user2, go back to user1 for privilege escalation.
Why was not possible to do the privilege escalation in the first reverse shell for user1?

Actually my question is wrong, the second reverse shell for user 1 was to change the ssh credentials. So, why can’t we do that in the first reverse shell?

Because initial access as user 1 has a limited shell and cannot use the root PE (to my knowledge you cannot breakout the limited shell). You jump to user2 and get back to user1 with now a proper shell that allows to do final PE.

But for both reverse shell was used the same command. The only difference was that one was using python (I think) and another was a rust.
Maybe the services were running with different privileges.

I’m tired of guessing and I tried every payload. What a waste if time…

I’m so dumb, my eyes were closed but then I opened my eyes and saw the sign.