The foothold and user were fairly difficult, but with enough research and a little bit of help, I was able to get through the box. There were a lot of times I almost gave up, but I just kept on pushing and trying. I learned a lot of new things.
Gaining root on the box is fairly easy, regarding if you know how to utilize your open source research.
If you need any help or a nudge, feel free to message me
Hey, I need help… I upload my file to directory but I cant open it before it disapear. I add in file a lot of sites before main part, but again I dont have enought time to go to dir and open file in there… Any hints?
Wonderful learning experience. Thanks to @AB2. It was hard for me for user part.
Appropriate hints already given in this thread.For nudge dm me,ready to guide.
Have a question about the .***r file,can I ask anyone privately? Don’t want to spoil for anyone
In right track,if you are doing right it will buy you enough time…
When I update shell and run it i got message "WARNING: Failed to daemonise. This is quite common and not fatal. " from it. Does anyone got same problem? Am I doig something wrong? If someone can send me message, it would be great…
tradtional ways of achieveing rce at your step are not going to work, you need to do some extra research.
But you are going in the right direction.
General hints for everyone:
Foothold: there are techincally two filters you need to bypass…(Hacktricks is your friend)
User: something about the program version and one of it’s functions that is being run in the script.
Root: Easy Enum should take like 5 seconds.
Rooted! Fun box! Root was too easy
Anyone willing to give me a nudge? I’ve got some initial stuff working on foothold but can’t get code exec. Please DM and I can provide more info
Edit: Nevermind, got my initial shell. What a ride
And rooted! What a fantastic box. Foothold was quite a bit of work compared to user and root but overall a great learning experience and quite fun.
Feel free to reach out for a nudge but let me know what you’ve already tried!