Rooted. My lord that was a fun, a little complex though for an “easy” box - some medium level techniques needed for this one. Props to the creator for a heavyweight first box.
1 Like
Rooted!! It’s not easy for me, but I think im learned a lot from this machine. And thanks for @r3nt0n hint!
Actually, I didn’t quite understand about that program from man pages, but if you search something like linux privilege escalation, it is definitely shown in many articles.
Logged in but couldn’t find the new block. Read all the files which are visible but couldn’t find any. Any nudges
Rooted.
Complex but not difficult, definitely more steps than your normal easy box.
Getting to user is more difficult than getting to root.
Really enjoyed it though, although there was quite a lot of time spent waiting.
You’ve gotta be pretty thorough in looking over your enumeration logs to figure out the steps to escalate privileges, paths are everything.
Did you escalate your privilages to player by checking the logs
Rooted 
, it is not too easy.
thankyou to @JacobE and @r3nt0n they helped me a lot
If anyone is stuck feel free to DM.
Probably a stupid question, but could anybody give me a hint to gain foothold? I’ve discovered SSH, HTTP and a service running at port 9091. Both SSH and HTTP do not seem to have any vectors of attack, which leaves the unknown service at port 9091. I’ve no idea how to enumerate an unknown service, so any points in this area would be much appreciated! Moreover, any hint on how to approach this box would be appreciated!
Enumerate more HTTP things.
2 Likes
Try searching for something small in port 80 and i recommend using seclists for that
2 Likes
For everone struggling to root:
Snakelikes can read things or make clams through addons
Thank you for the nudge, I’ve managed retrieve these details! Just need to work out how to login to the system now
Rooted! 
Although I ran into a strange bug with this machine. I wasn’t getting complete output when I was getting user creds. Not sure if it was a bug on my end or the servers end though. Either way, I was still able to finish it!
can anyone help. Ive uploaded the re***** S*** but not getting anything
TIL there’s more than one place config files for services can live by default… Apparently this evaded our plant based enumeration friend as well. Once that bit clicked for me, root followed soon after!
Definitely not an “easy” box from my perspective, Medium feels a bit more right. Very well made though, kudos to the creator!
Finally rooted. Getting the user was difficult that the root. For root it’s just straightforward. Thanks @v0l4 @JacobE @r3nt0n for guiding me. DM me for any help…
1 Like
Any tips regarding privesc to root?