Traverxec

# id && hostname
uid=0(root) gid=0(root) groups=0(root)
traverxec

I have command execution but can’t find user.txt and also need some guidance on priv esc. (hopefully this won’t be considered a spoiler). Can someone pm me?

Edit: and also I do not have creds to the local user on the box.

Just root’ed :D. I’m now questioning how many times I spend hours reading through enum scripts and directories just to realize that, in itself, can be a rabbit hole. Spent hours with service level access, meanwhile had the answer on my Kali box waiting to be cracked.

Root was a little less painful for me. I ran the same enum scripts but focused mainly on the home dir files. I agree there is some value in the less command from GTFOBins but don’t focus on the less command itself, instead focus on modifying the file. I found no value in changing the size of anything.

Edit: The worst part about this box is how many times it’s reset. Then you try to cancel the resets in shoutbox and they get annoyed. It’s like obviously I’m canceling your resets cause I’m trying to work the box. Be considerate of others…

I have been stuck for many days in this box. I already have low shell, I have the creds for the .h***d file, even I get access to the ~dd page. Also I have read many times the conf file and the official documentation from the server, trying to figure out what is next, but I don’t get it. So, if someone can give me any hint about what I have to do in order to get user, I really would appreciate it.

@LordJhony said:

I have been stuck for many days in this box. I already have low shell, I have the creds for the .h***d file, even I get access to the ~dd page. Also I have read many times the conf file and the official documentation from the server, trying to figure out what is next, but I don’t get it. So, if someone can give me any hint about what I have to do in order to get user, I really would appreciate it.

Focus on the section of the documentation specifically mentioning users home directories. PM if you need further help.

@su1tan said:

@bumika said:

@RedNas said:

Rooted :slight_smile:
Man the step from user to root was so simple in the end, but what a brainteaser :slight_smile:
Still can’t fully process why it works, so if anyone could PM me how ‘this one simple trick’ gives root I’d appreciate it!

Read the manual page of the command. The keyword is “width”.

Nice tip! Thanks!

This is the best tip. Thanks!

Hi.

Do I need to decrypt the id***a key? How? I tried to connect with this key and the pass but no luck with that.

@nuxmorpheus01 said:

Hi.

Do I need to decrypt the id***a key? How? I tried to connect with this key and the pass but no luck with that.

You can use john to decrypt the key, and before that you should use ssh2john to convert it to a john-compliant format.

Fun and quick box. This is the first time I saw Nostromo web server.

Tips: Decrypt all the passwords you come across. John and hashcat are your friends.

Initial Foothold: Look at your scanning results. Now use a popular exploitation software suite.
User: While the user’s root home directory may be off limits, keep poking around in different ways.
Root: Umm… gtfobins.

Well, I already got root

In summary, I found the process of getting the user more complex than doing root, although, in this last step, I learned some interesting things.

Thanks a @1urch

Just rooted.

If any of you guys are trying the resizing trick and do not get the result you expect, change the commands you are using. Concatenating commands is not mandatory. This and the resizing will do the trick.

Hope I am not spoiling too much.

Okay… I’m going a little crazy. Was trying to hold off commenting. Like a lot of folks had posted, I have foothold, trying for user. Have some interesting info, have home dir, read conf and manual numerous numerous times, but can’t seem to find what I’m missing as to get past the Private space message. Have looked for important hidden things from home dir, but 404.

I would appreciate if someone would send a nudge or point me in the right direction other than just saying to continue reading the manual and looking at the conf file. Thanks!

@50m30n3 said:

Okay… I’m going a little crazy. Was trying to hold off commenting. Like a lot of folks had posted, I have foothold, trying for user. Have some interesting info, have home dir, read conf and manual numerous numerous times, but can’t seem to find what I’m missing as to get past the Private space message. Have looked for important hidden things from home dir, but 404.

I would appreciate if someone would send a nudge or point me in the right direction other than just saying to continue reading the manual and looking at the conf file. Thanks!

DM me.

Thank you @nuxmorpheus01 - got user. Moving on to root.

Rooted. Finally that was a lot of me missing the obvious.

@50m30n3 said:

Okay… I’m going a little crazy. Was trying to hold off commenting. Like a lot of folks had posted, I have foothold, trying for user. Have some interesting info, have home dir, read conf and manual numerous numerous times, but can’t seem to find what I’m missing as to get past the Private space message. Have looked for important hidden things from home dir, but 404.

I would appreciate if someone would send a nudge or point me in the right direction other than just saying to continue reading the manual and looking at the conf file. Thanks!

I am in the same spot here too, can anyone give me a nudge as well?

@sshtw88 said:

@50m30n3 said:

Okay… I’m going a little crazy. Was trying to hold off commenting. Like a lot of folks had posted, I have foothold, trying for user. Have some interesting info, have home dir, read conf and manual numerous numerous times, but can’t seem to find what I’m missing as to get past the Private space message. Have looked for important hidden things from home dir, but 404.

I would appreciate if someone would send a nudge or point me in the right direction other than just saying to continue reading the manual and looking at the conf file. Thanks!

I am in the same spot here too, can anyone give me a nudge as well?

If you found the manual, then you need to understand how you can flatten the grass on the way to the house to create a clear path. There is a variable that gives you the directions to the user’s house – in the manual. I suggest you go through the manual and read about each of the variables to understand how you might use one to build a path to the house…ahem, this can be done two ways…the other way, is all from the command line with a very common Linux command and a couple options. :wink:

Just rooted.

That last part was kind of weird in order to trigger the command right. I still have a question as to the permissions in the last part though; why do I have to copy the *.sh file in order to actually write to it even though it is owned by the user david and writable for that owner?

Please do not hesitate to message me for any hints. :slight_smile:

Edit: Don’t worry, it’s because of the sudoers file.

uid=0(root) gid=0(root) groups=0(root)

It was weird in my first trial for root that the trick does not work. But, it worked now.
Pay attention to the configuration. I felt stupid after I got it.

Feel free to DM if you need help. Let’s learn together.

id

uid=0(root) gid=0(root) groups=0(root)

Rooted. Everything you need is in the comments.