@poots said:
Rooted!
Well done.
Type your comment> @poots said:
Rooted!
Thanks @TazWake & @thescriptkiddy
I feel so embarassed. Had it from the beggining, just got a little confused with the terminals lol
always 
Type your comment> @bato said:
Hi, I’m locked in www-data, some clue where to look please. Thank you
You should take advantage from what the system gives to you, and do more fuzzing
I need a nudge on accessing the m**** d*. I found creds but trying to access on the box gives me no output. I’m confused because I use the same exploit I see in the writeup I’m following but I guess the tty (if that’s the right word) is different/ less responsive.
I’ve been on this box for days now but I’m NOT GIVING UP!
@TheodoreBell said:
I need a nudge on accessing the m**** d*. I found creds but trying to access on the box gives me no output. I’m confused because I use the same exploit I see in the writeup I’m following but I guess the tty (if that’s the right word) is different/ less responsive.
I’ve been on this box for days now but I’m NOT GIVING UP!
The good news is that, as the box is retired, spolier reporting might be a bit more relaxed now.
So, in the first instance, I’d say if you are trying to attack a database application, you’ve gone down a rabbit hole.
If you have creds, check for cred reuse on other ports.
Hello, to anyone who encountered this error:
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
TLDR: The error is happening because of the mpm_itk apache2 module
Here is a guide to solve this error, and anyway, you can solve it only when you will become root. if you want you can further dig and unerstand why this is happening, as I did. Hope this is gonna help somebody.