im stuck in jail, need some help with a breakout if someone is willing to nudge.
PS, what I got is, 1. the jail (i can enumerate all files from jail, but not get their contents) and 2. access to two other service users (i can read files with one of these) 3. a family guy which seems to be a total rabbit hole.
So I’ve read all the comments, enumerated vhosts, files (at least I think so), saw the error for a short time :), but still can’t figure out how to proceed.
I’m pretty sure I’m missing some piece of information to advance.
Will appreciate a nudge.
Please let me know if I can contact anyone for discussion.
Thank you
Rooted. And I’m still surprised that root part turned out to be much simpler than initial foothold and user parts. Took me about 2 weeks, and I cannot say why it happened so, but most likely because I was too lazy
just did it, awesome setup, awesome line from enumeration all the way to root… I give it a 10/10 had fun… (minus the 4-5 hours I wasted trying to figure out why something was not working and turned out I just needed to reset because someone changed it…)
First of all I have to thank @MrR3boot for creating such a challenging box.
I’ve had so many knowledge gaps during the research of the box that it took me
several discord chats and more than a week of research/frustration/little wins to actually
complete the box.
As others pointed out the user part is much harder than root (although it took me some time and another chat to get to the right path for root as well)
As always I learned much more than actually was required to complete the box
User: Enumerate too much here and google every suspicious word. when you get hidden apps, first understand very nice how is working, don’t start hacking nothing. Then, don’t try to escape from nothing, just search for exploits (in the forum there are very nice hints)
Root: Is a combination escalation between a classic technique and vulnerable code
@MrR3boot Thx, for this box, was amazing and very real.
EDIT: Rooted! I kept complicating things for my self. DM me if you need help.
Also, big thanks to @MrR3boot for creating this master piece. I learnt a lot during this.