I dont suppose anyone has a hint for the initial foothold? I found the encoded password but I cant find a corresponding user for the ssh login. or am i completely off base here?
@SirFIS said:
I dont suppose anyone has a hint for the initial foothold? I found the encoded password but I cant find a corresponding user for the ssh login. or am i completely off base here?
You will hate me for this but as they say, enumerate more. Believe me it took me 3 days working on this before I realized how to get into the box.
@The0Xypher said:
You will hate me for this but as they say, enumerate more. Believe me it took me 3 days working on this before I realized how to get into the box.
you’re not wrong haha i dont suppose you/anyone has any hints for the zip file? i noticed an odd file in / and a strange sounding group but im not sure whats the best avenue to pursue here. any hints?
Can i pm somebody for help ?
hi can i get some help in Priv with poison
@SirFIS said:
@The0Xypher said:
You will hate me for this but as they say, enumerate more. Believe me it took me 3 days working on this before I realized how to get into the box.
you’re not wrong haha i dont suppose you/anyone has any hints for the zip file? i noticed an odd file in / and a strange sounding group but im not sure whats the best avenue to pursue here. any hints?
The best advice I can give is look though the forums and you should see what the file is used for but even personally Im still trying to work out how I can use the file to get what I want.
I have been stuck at privesc for a while, I haven’t managed to unzip the zip file yet.
After some enumeration I have an idea for what to use the extracted file for, but as I haven’t found the zip password I cannot test if my theory is correct.
If anyone would like to PM me with some none-spoiler hints to nudge me in the right direction, that would be great.
So I think someone else already said this, but you dont need to read the zip file. Keep looking.
@The0Xypher said:
@SirFIS said:
@The0Xypher said:
You will hate me for this but as they say, enumerate more. Believe me it took me 3 days working on this before I realized how to get into the box.
you’re not wrong haha i dont suppose you/anyone has any hints for the zip file? i noticed an odd file in / and a strange sounding group but im not sure whats the best avenue to pursue here. any hints?
The best advice I can give is look though the forums and you should see what the file is used for but even personally Im still trying to work out how I can use the file to get what I want.
the hints are to vaguel to give an actual hint to be honest (at least for me that i am a noob atm). i am trying to work the priv esc for a couple of days, but still not sure what I should do. i think it requires a good familiarity with default processes running on a machine
This box was a bit of a pain. I had the right concept but was looking at it from a totally different angle.
How do trains go through hills? 
-edited- neverrrrmind
@w31rd0 said:
@The0Xypher said:
@SirFIS said:
@The0Xypher said:
You will hate me for this but as they say, enumerate more. Believe me it took me 3 days working on this before I realized how to get into the box.
you’re not wrong haha i dont suppose you/anyone has any hints for the zip file? i noticed an odd file in / and a strange sounding group but im not sure whats the best avenue to pursue here. any hints?
The best advice I can give is look though the forums and you should see what the file is used for but even personally Im still trying to work out how I can use the file to get what I want.
the hints are to vaguel to give an actual hint to be honest (at least for me that i am a noob atm). i am trying to work the priv esc for a couple of days, but still not sure what I should do. i think it requires a good familiarity with default processes running on a machine
Im a noob myself if im being honest. It took awhile for me to find out what the file was used for but actually knowing how to exploit is a puzzle to me. My advice is go back to nmap and see what else is going on. You may have more luck than figuring it out.
@The0Xypher said:
@w31rd0 said:
@The0Xypher said:
@SirFIS said:
@The0Xypher said:
You will hate me for this but as they say, enumerate more. Believe me it took me 3 days working on this before I realized how to get into the box.
you’re not wrong haha i dont suppose you/anyone has any hints for the zip file? i noticed an odd file in / and a strange sounding group but im not sure whats the best avenue to pursue here. any hints?
The best advice I can give is look though the forums and you should see what the file is used for but even personally Im still trying to work out how I can use the file to get what I want.
the hints are to vaguel to give an actual hint to be honest (at least for me that i am a noob atm). i am trying to work the priv esc for a couple of days, but still not sure what I should do. i think it requires a good familiarity with default processes running on a machine
Im a noob myself if im being honest. It took awhile for me to find out what the file was used for but actually knowing how to exploit is a puzzle to me. My advice is go back to nmap and see what else is going on. You may have more luck than figuring it out.
I had detected the service that was strange (not from nmap but locally). but I agree i had a hard time finding the usage of the secret file.
Got root.txt after all though
@The0Xypher said:
Im a noob myself if im being honest. It took awhile for me to find out what the file was used for but actually knowing how to exploit is a puzzle to me. My advice is go back to nmap and see what else is going on. You may have more luck than figuring it out.
i got root eventually needed some pointers on exactly what needed to be done but this box has been a good learning tool i reckon.
@w31rd0 said:
I had detected the service that was strange (not from nmap but locally). but I agree i had a hard time finding the usage of the secret file.
Got root.txt after all though
its one of those things thats obvious in retrospect.
and for people still stuck think of the tunnel and how you got user and how you can combine those ideas with what is running
Guys, please, could someone give me (in private too) a tip about enum phase? Because i’ve used a lot of tools but i’m still finding the same php file!
Got root on this box. I was doing everything right and after a short message from SirFIS i figured out my very noob mistake.
Sometimes… looking backwards… is actually going forwards…
if you can’t brute something in 20 mins or less with rockyou.txt or any of the files from seclists… chances are, its not expected to complete the challenge.
Unless the author is a douche of course. Imho In this case, the author is NOT such…
Can someone PM me a tip? I figured out the service and what to do (kinda), but cannot figure out what to do with the zip file
I’ve extracted the zip and believe I’ve found the service. Could someone PM me a tip?
Would somebody PM a priv esc tip. Found interesting services and unzipped the file, but stuck there.