I am beating my head against a wall…any advice is welcome and greatly appreciated.
I have found lt file, and I am aware of how to run it with s with correct permissions. However, when running the file, I get a line that says “Welcome to…” followed by jargon/encoding. I have no clue what this file is supposed to do, only that it assists in gaining access in some way.
I have also found a.l**, and edited it to reflect the correct connection information, as this seems to be the right next step (but obviously is not). I have not been able to get this file to execute; in every way I try it just shows the command I entered and sits there, staring blankly at me.
I have perused every page of the forum so far, and found some useful hints but still not able to get anywhere on this box. I am happy to discuss via PM if necessary to avoid any spoilers for the rest. I am sure it is something simple I am overlooking, but I am not sure what else to try at this point. Thank you so much for any help you can provide.
Disclaimer It may be obvious, but I am pretty noobish at this. I have been researching the ■■■■ out of this, trying to figure it out, so I am not looking for handouts. I am honestly trying to develop a solid pentesting methodology; I just need a nudge in the right direction.
Hi, I just finished my write up of this machine, I thought of putting the root flag as a password but apparently it is a dynamic string now. Could some who has root send me the hash for the root password.
why not do it myself? because this box keeps getting reset and it is getting on my nerves
Managed to get root last night despite multiple resets. People are still leaving a lot of garbage all over the box, but at least the webserver and ssh stayed up this time.
Rooted! The resets every 15 min are making this machine harder than it should be. Learnt some stuff with this one.
Foothold : easy, just google what you see
User : i ended up doing this two ways. Didnt need to learn alot about the language
Root : this was a pain and i went down a rabbit hole. Turns out i was doing it right all the time but not triggering the right way. Be quick and always have a second terminal open
user: thanks for suggesting to look after not visible html hints, I finally got the webshell and made my way through s*******n user.txt file
root: accidentally found an interesting process running, but I hadn’t been able to
take advantage of it at first, too many things to do and not enough time to do them (and too many reset and overwrites by other people unfortunately, please guys use “>>”). Finally, I thought I was actually only interested in root.txt contents, and there are quicker ways to read it, instead of doing a classic privesc for a shell
very nice box, funny, actually easy but not trivial!
Rooted! Thanks @Xh4H !
User: OSINT, check the author of backdoor in the google
Root: Enumeration. Search what the file(s) you can write.
Good machine for beginners.
User was a little bit difficult; not too bad though. See if you can see what processes are being executed and see if you can “Traceback” it to some files that you control.
Hope this is not considered a spoiler. If it is, please take it down.
I’m stuck on root for 2 days now. I am s***n I found r-p**** and I’m editing 0*-h****r file with what I want to execute, but still don’t know how to run it as root. Permission denied whatever I tried.
I’m stuck on root for 2 days now. I am s***n I found r-p**** and I’m editing 0*-h****r file with what I want to execute, but still don’t know how to run it as root. Permission denied whatever I tried.
It depends on what is denying you. How are you trying to run it as root? Why are you trying to run it as root? (etc).
Think about the attack you are trying to execute, the files you are trying to use and how they are used by the OS.
I’m stuck on root for 2 days now. I am s***n I found r-p**** and I’m editing 0*-h****r file with what I want to execute, but still don’t know how to run it as root. Permission denied whatever I tried.
It depends on what is denying you. How are you trying to run it as root? Why are you trying to run it as root? (etc).
Think about the attack you are trying to execute, the files you are trying to use and how they are used by the OS.
Idk with the files I could edit, I don’t know what else to do, read about many things such as cronjobs and etc. still don’t see a way to run it or make it run as root with the permissions I have.
Idk with the files I could edit, I don’t know what else to do, read about many things such as cronjobs and etc. still don’t see a way to run it or make it run as root with the permissions I have.
So, trying to avoid spoilers. Something made you decide to modify this file, so try to focus on what that was.
You can modify some files but you might find something else changes them quite often. However, you can either be fast or find a way where this doesn’t matter.
Lastly, you need to understand what triggers the file. Then you can make it work.
Idk with the files I could edit, I don’t know what else to do, read about many things such as cronjobs and etc. still don’t see a way to run it or make it run as root with the permissions I have.
So, trying to avoid spoilers. Something made you decide to modify this file, so try to focus on what that was.
You can modify some files but you might find something else changes them quite often. However, you can either be fast or find a way where this doesn’t matter.
Lastly, you need to understand what triggers the file. Then you can make it work.
Hmm you are right, I still don’t know how they get back to their old version in just seconds, will look up to that , thanks!
Took me a while but finally rooted. I spent more time than I would like to admit getting the foothold and then an interactive session. Available for hints.
Guy use “>>” seriously !