Wow, what a great machine! Really fun stuff. I love that there’s no plug and play exploits or anything like that, it’s almost entirely critical thinking and reading key files.
ADMINS: Please remove any part of this that may contain spoilers. Thanks.
For those struggling:
Initial foothold: After you do your initial scan, while you’re messing around, make sure you run a more complete scan in the background. It might just turn something up that your first scan didn’t.
Next step: There’s some really good cheat sheets out there cheat sheets out there. One of IppSec’s past videos alludes to the vulnerability, but this one is much simpler and you don’t have to go nearly as in depth. Once you get in, just look around. Everything you need is right in front of you, can’t stress that enough. Start with the basics.
Now maybe you can use what you found to gain access to a running service. Notice that there’s not much here. If you’re confused, ask for help and read through the responses. See what you’re allowed to do.
Once you figure that out, you can try to get a simple RCE script running. Just like in other boxes, RCE will usually allow you to enumerate certain parts of the filesystem, and potentially even run commands on the system. Just remember to hurry up, or think of a way you can make your new situation less temporary.
Once you get stable access, the rest is actually really easy, although it might not seem like it at first. Some of the hints in this thread are spot on: Notice the interesting directory? Think about what that means. If you were running that program as a user, that would give you different available programs, right? Maybe looking around for some of the more important or common ones will help you find what you need.
Once you find the “long” filepath, enumerate, enumerate, enumerate! Just like you would for any other system! That should be everything you need. You don’t need to run any programs once you gain access or anything like that.
You can PM me, but if you do, your questions better be well thought-out and I expect to see what you’ve been trying, otherwise how will I know how to help guide you? No more of this ‘plz help me I need it just tell me how’ crap.
EDIT: First PM after writing this: “SecNotes help logged in but dont know what to do”
Guys. This is NOT how you ask for help.