Relatively easy, but made me realize that i still dont have a routine and i fall for rabbitholes. I still think it was entertaining and actually rating is spot on.
@Quacktop Thanks for your kind words though! Could you PM me though I would be interested to know the route you took
@blaudoom I’m glad you enjoyed it! Sometimes we can all get mislead in some way. What’s important is you figured out how to get past it! Thanks for your kind feedback!
Was a very fun box
hints for initial:
- do your basic enum and google for the non standard ports and get articles
- follow the article to find out what works. then update your exploit and run
hint for user:
- think about where juicy data can be and search for it
hint for root:
- go back to start and try other things
- like @Quacktop said CVE
like always if it spoilers too much please delete
If help is needed PM me
Rooted. Wow I feel dumb, the privesc from foothold to user was glaringly easy but my brain just died. Overall fun box but I feel the root was a bit too easy.
Really fun box I have a tendency to overthink “easy” boxes which got me stuck a couple of times.
Got user access @M**t
Just rooted this box. Thoroughly enjoyed it, found user to be harder than root though…rooted within 5/10 minutes of getting user… Thanks @TheCyberGeek
very good box! I like it
Got root!
- Initial foothold was for me the most educational part of the box.
- User was pretty easy (enumeration is key…)
- Root was the easiest part (did not learn something new here)
id
uid=0(root) gid=0(root) groups=0(root)
Loved it… Was good for New people hope there are more like this.
I did learn some good stuff even with root… Was a small lesson but one was learned… Look at everything…
PM for hints…
Finally owned it! User was much more difficult than root - I certainly over-complicated, over-thought every step and went down every rabbit hole! Note to self: Keep it simple stupid
Thanks to @beorn and @MrW0l05zyn for the nudge with foothold.
PM me for nudges…
Got around to this yesterday and rooted it. Looked past the first bit for user out of eagerness. Taught me to enumerate harder again.
Hints on here are already enough, as previously stated.
Good luck everyone!
Rooted. I liked this box, I think it’s good to have always boxes like this in the lab. Easy (for the newcomers) and also with something that (almost) everyone else can learn about some popular service.
Rooted my mf was not working properly now fixed with the sl and got root
Rooted, thanks whoever helped me
Can anyone give me a hint about getting a user for the postman
Rooted! Fun box. For user i had to reset the box in order to get the default directory for r****, so make sure you know where you are.
I think I’m using the correct exploit but when I try to run it only i see “receive data” two times and that’s it, but I’m not sure what I’m doing wrong.
Rooting is always an adrenaline rush