ScriptManger

I successfully got the root on Bashed but it difficult to figure out how can a script can get the root’s file. did scriptmanger have some spcl permissions than what they are and how up them in own machine?

edit

@peek said:

edit

i cant able to figure out how a python script can bypass the root security what is the matter that are allowing it to bypass the root check

i made that box when it has been released, there was many python files. I would probably never guessed it or found.

@h4x3r said:
I successfully got the root on Bashed but it difficult to figure out how can a script can get the root’s file. did scriptmanger have some spcl permissions than what they are and how up them in own machine?

The answer to this cannot be provided here as it would spoil the solution to the box, I can DM you the answer if you wish.

@lowpriv said:

@h4x3r said:
I successfully got the root on Bashed but it difficult to figure out how can a script can get the root’s file. did scriptmanger have some spcl permissions than what they are and how up them in own machine?

The answer to this cannot be provided here as it would spoil the solution to the box, I can DM you the answer if you wish.

yes! please! i am in awe of answer

@lowpriv can you send those details to me as well? Got system, interested in the details now. Wanna know more, or how to spot this flaw more easily next time.

Anyone else who has a spare moment also feel free to dm me about this, would love to explore this more.

@lowpriv @Nalaurien could you share the details to me too, please? Got root, but I can’t seem to find the final piece of why did it work. Would appreciate a conversation about it if you can! Thanks in advance.

Can someone explain to me what is going on with scriptmanager in /scripts on Bashed?

Hi,

I am also stuck in the same place. I got root as scriptmanager, can someone help with a hint in the next step. I tried with a python script to copy file from /root to /tmp but i am getting permission denied.

@riveta said:
Hi,

I am also stuck in the same place. I got root as scriptmanager, can someone help with a hint in the next step. I tried with a python script to copy file from /root to /tmp but i am getting permission denied.

DM me

For those of you who are still looking for the methodology here, watch this video from ippsec, specifically at this time and try to understand what he is doing and why he is doing it. This is how I found the answer I was looking for.

Open video and navigate to 31 minutes

I’ve watched this video but for me it’s impossible to get root on this machine…
If somebody can PM me for helping.
I

The only thing required to get the root flag on this is attention to the very basic detail that you get from enumeration. Check and check again - take nothing for granted.