Hi, having a mare here. Got the D’s details, cracked but of no use -seen this from here but not from trial and error anyway! Seen the “other directory”, read the conf and just don’t know what I’m missing. Any nudge gratefully received. Finding this difficult. PM if you can give me a hand. Cheers.
*Update: Ignore last, found it. Now what to do with it…
Great box @jkr. I learned a lot by watching what was going on in the /tmp directory. LOL. Just as soon as the box gets reset, everyone starts going to town. At one point I saw something that interested me, managed to get to user, but then the box reset. So then I needed to find it on my own, which I was happy for.
Then right when I was futzing with the script that we’re supposed to learn from, someone else at the same phase in their journey. They created a file, so I peaked inside it and new immediately what they were up do since I’d studied the other file so long.
Then I remembered that the ‘less’ you know, the more you can do and then boom! root. I’d better take a break, though.
This is my third root in four days. Maybe just a little recon on a new box …
aarrggh… the last one got me. there are enough hints about what to do , but not as much about how they got there… hint… read the man pages, read the man pages, read the man pages… why do things man-ually when then can be done for you
USER: read carefully the conf file that everybody talks about. You find a username and his home dir right? why is also something else? try to lay with them. they have any sort of relation. Later try to crack and crack. The first password you get cracking the hash is not ssh password or sudo password. it will be used later. First find more things to crack and later u will use that cracked hash. I recommend to see Chainsaw box from Ippsec YT video to understand what you need to crack.
root: just read the .sh file and read doc of the command that is being executed with sudo. Its output is important. Then use GTFOBins to get root. you may need to modify a bit the script to get what you want.
better leave the script untouched.
just copy the interesthing rule fromthe script to your command line and play with it.
Finally rooted… I was frustratingly close to solution for soo long time, but I didn’t follow through with my instincts. Well, it was a learning experience.
Finally Rooted!
Thank you @gluonsrgreat for great help!
For my friends working on this machine
first shell: CVE (latest)
User: config file (the clue is in front of you)
Root: GTFOBins
Rooted
Little confused, while try to get root because of a little restriction there But when I realized what needs to be done, got root quickly.
Thanks for the box! Have a lot of fun!
I really enjoyed this box, thanks to @jkr for its creation - the user was a lot of fun to get and the root reminded me of one of the Over the Wire challenges (I think it was Bandit but don’t quote me on that) that I’ve done before-- that’s where I learnt about this particular “thing” anyway.
Got user pretty easily, but root took a few days on and off (although should have been much easier). Thanks to @Dins89 for the tip.
My tip for root: Everyone goes on about ‘less’ but I didn’t need it, although the window needs to be the right size. GTFOBins is a little help. But, the most important thing, look at the command you’re trying to execute and mess with it…do you need it all? Maybe call a plumber to take something out…