Traverxec

Hey guys. This is my very first Box. I know that I have to do something in that .sh file for getting root. A small help will be greatly appreciated. When I use GTFObins inside the script, it asks for password.

@gorg said:

I hate when I am missing super simple stuff.

d**** doesn’t reuse passwords obviously. me has a m…-shell as www-data.

me too…so what’s next now?

Rooted my first machine. It’s great stuff to learn. Thanks Traverxec. Everything is in front of my face, it was a face palm moment.

I have this rooted. If anyone needs a nudge feel free to PM. I’m new to this field and I’m enjoying (and at times hate/facepalm/wtfkeyboardsmash) every step of the way.

Keep at it.

If you don’t use Linux on a daily basis, let’s just say, after reading what you have to read and understanding it, to get root you’re gonna have to think like a little kid, on the other hand if you do use Linux you’ll get it pretty fast provided you’ve read the manuals.

Really cool box!

Can someone PM me a nudge with the c**f file? I have read it so much I have the file memorized… does me no good.

Finally rooted. Learned much about the web servers while getting user, my hint for user: Eventual passwords are not as interesting as rebuilding the web server in a LESS restricted environment. Getting root was really tricky and if you don’t know the answer, you will have a hard time finding it in the manual of a suspicious looking command. Anyway, most of the things in the forum are correct, just try them with a LESS big terminal.
For Hints, feel free to PM me.

Can someone PM me a nudge? I have read the manual and the config file 100 times, and I have an idea what to use, just not what to do with it.

Hello this is my second box.
Can anyone help me with how I can run an enumeration script after having a shell?

This was a fun box, and a great reminder of proper enumeration and research. Thanks @jkr I really enjoyed rooting this one!

Still stuck on the root. Read the hints here, l***, g*******, etc., read the manual there, but still dumped back to user shell. Give me some hint, please?

@rmn0x01 said:

Still stuck on the root. Read the hints here, l***, g*******, etc., read the manual there, but still dumped back to user shell. Give me some hint, please?

I have only one good piece of advice for anybody who has a problem with root access: FORGET LESS. Although LESS can be connected to the solution, it easily misleads you.

Hello, can someone give me a nudge on the root? I’ve got all the pieces, just confused as to how to put them together / how they’re supposed to work. Thank you!

just rooted this box…what a ride!

foothold - fastest one I’ve ever done here…within minutes. It’s a pretty chatty server on your recon scans with a well documented vuln and exploit.

user - this one was actually really tough for me and I had to read through the entire thread to wrap my head around it, but once I got it, I literally slapped myself. Yes…read the n*****o c**f file and yes read the manual…but what got me is that my local enumeration completely contradicted my understanding of the system configuration. My advice - don’t be deterred by the permissions on user! If you have a bad habit of peeking into folders before going into them (like me), then just get in without peeking :slight_smile: this literally turned me into the Jackie Chan meme

root - another super weird one for me, as I have been spoiled with fancy terminals and huge monitors, so never had the pleasure of having to adjust the dimensions. Examine the user’s dir and find his “adminy” stuff. Learn about j*****ctl thoroughly and understand its method of displaying data on your screen, then what its arguments are doing. Force the app back to its ‘normal’ way of showing data, then ‘pop’ back out :slight_smile:

If you rooted this box through another method other than mine…please PM me. I would really like to know if there is another way.

hit me up if u need help

Finally, rooted this box. I found getting the user.txt flag much more frustrating than root.txt in this case. As many have said already, there are enough hints in the forums to get you through this one.

Hi,
My second box. Stuck on user. What I tried so far:

  • I read the config and corresponding manual, but this led me only to “private space”. However, I found that ls is not always a good idea, so I thought I could get keys like that, but seems like I don’t know the right dir’s name.
    Any nudge would be highly appreciated.

Besides, can anyone point out why I can’t transfer files? I tried python and nc.
On box: nc -lvp [port] < [filename]
On my pc: nc [box ip] [port] -w3 > [filename]
What am I doing wrong?

PS: With python - it doesn’t throw any error. iptables?
If you don’t want to post spoilers on the forum, please DM me.

@bumika said:

@rmn0x01 said:

Still stuck on the root. Read the hints here, l***, g*******, etc., read the manual there, but still dumped back to user shell. Give me some hint, please?

I have only one good piece of advice for anybody who has a problem with root access: FORGET LESS. Although LESS can be connected to the solution, it easily misleads you.

thanks!
rooted

I used john to get the password for user david. When I try to use it with sudo david it tells me it is wrong. Am I using it for the right login?

edit - I was able to get the user flag. Now stuck on root. When I execute the ./s*****.S****.h file it gives me an error (failed to su d**d). Any ideas what I can do?

@Nism0 said:

Besides, can anyone point out why I can’t transfer files? I tried python and nc.
On box: nc -lvp [port] < [filename]
On my pc: nc [box ip] [port] -w3 > [filename]
What am I doing wrong?

For the issue with nc - check the help for an option that looks for the end of a file - that got it working for me.

And make sure the <> are the right way round (this got me more than once!)

Real noob here. This is my very first box. With the CVE and manual code I can at least execute code on the box and look around, but I can’t seem to get a shell to work. When I try msf, it does not open a session for me.
Any tips? (also per PM)