Can I get a nudge on root? I’m pretty sure I’ve found out what I have to exploit but I can’t come up with anything, thanks
Good Machine, learned something new today.
User part is just going through the motions, it’s as easy and intuitive as you’d expect for an easy machine (read: don’t overthink attack vectors, examine provided data carefully).
Root had me stuck for a while, I found the relevant files right away but my tool of choice didn’t stick well. Even tough my research on stackoverflow told me this shoul’ve been possible… In the end, I found another way to accomplish what I intended to do with my tool of choice.
Must resist word puns to not spoil root part too much…
1 Like
Hi,
Coming back after a few days break.
I’ve got the user flag and i have a reverse shell on the machine but after looking around on the directories, did not find any way to become root…
Does anybody have a little hint for a newbie ? 
Do we have to use big advanced skills or it’s more easier than it seems ?
Thanks a lot.
finding the path is easy and you should find it pretty fast.
exploiting it will depend on your own knowledge.
some people got it super fast, others won’t if they don’t know what they’re looking at.
Hi, I’m stuck with the root part. I’m trying to exploit the file but I had some privileage problems. Any one can help ?
Running something like Linpeas should point you in the right direction
The same. How to register an accout?
if you do what is says on the box it works.
all you need to do is follow the directions it gives you.
ok, it must be out of my skills…
I got a shell and found binary and source file and thought i could exploit a s…d escalation. But tried many things from debugging to overflow…with no success…sad…but true
is it enough #8518 to get contact via discord?
Everything you need to know is there. Look at the files you have, look at what each function call does, piece the puzzle together, look at that binary and think : “What is it doing ? How is it doing it ?”. You are in a CTF environment, chances are if there are unusual files, they’re here for a reason. Start drawing the picture and go one step at a time.
The last part can be very challenging if you’re not familiar with the technology involved but you’ll get there
Thanks for your time.
I really think i looked at the right place and found what kind of exploit must involved.
But i think i don’t have all the skills needed because i’m a developper and i can read the code but everything i try fails.
DM me if you like.
use terminal for viewing contents not gui.
I Sent you a message in private.
I got to that point where I believe I’m supposed to get user shell. Just can’t find the issue with my syntax or maybe approach. Anyone willing to help a noob out
PM if you need an help on a starting point
Ahh. Finally got the user flag. It really was all kind of staring at me in the face (maybe from the shadows, but it was all there and fairly easy to uncover. What took me a while was actually using all of the clues to finagle a way to that user flag. Just a little reading and googling to craft what I needed. Now on to getting that shell of some kind and going toward root. . .
Have you tried URL encoding the entirety of your payload ? That did the trick for me. If you can execute id or pwd, most likely there are bad characters that cause the application to behave strangely.
1 Like
+1 @dragonista