Writeup

Hey i’m stuck on pspy tool…
Someone can DM me any hints? i know that i have to look for groups and permissions but i can’t modify noone of those directory :frowning:

Finally Rooted! Learned so much.
Hints for Root:

  • ippsec Lazy!!
  • pspy

Stuck on root, have tried the ideas gained from ippsec Lazy and pspy to no avail. Would love a pm with a little nudge

Edit: Got root, I wasn’t meticulous enough with my recon

Type your comment> @th3location said:

found the username and password r********9 and still no login to a****
any hints?

Did you check what other services are running?

@Fugl said:

Type your comment> @emaragkos said:

The exploit used in this machine is seriously on of the most user-friendly I have even used. Funny to use, it is like it came out of a movie!

This! :joy:

Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.

This hint saved me. It’s like you’re searching for your hat, when actually your hat it’s on top of your head.

stuck on user… I’m trying to see into de /wr*p/adn… am I in the right way?

can anyone help? I’m stuck on rooting
put a file on a path with higher precedence on $PATH, but everytime i type which r**-p**** it just keep echoing the original path, not the path with higher precedence… help

Type your comment> @nd8792 said:

can anyone help? I’m stuck on rooting
put a file on a path with higher precedence on $PATH, but everytime i type which r**-p**** it just keep echoing the original path, not the path with higher precedence… help

Yeah, same issue. Tried u**** too, same result.

@jkr Thank you very much for this machine! It was really educational. Especially the privilege escalation.

greetings and happy hacking

FINALLY ROOTED. damn this machine was frustrating. but SO much fun and a great learning experience.
there is nothing else i can say that hasn’t been said yet.
so if anyone needs help with a particular step, PM me, ill give you a nudge.

The password I used to login to S** is being denied now?
E: Nevermind, mis-copied. Rooted!

stuck at P***, I tried add new script to /u**/*****/*in but no luck. Can anybody hint me please ?

Got user, if anyone needs a hint, just pm me.

ROOTED and DUSTED another one. Ready to help…

Finally rooted it. It was in front of my eyes all the time and I was so stupid to not realise.
If anyone needs help, just pm.

Rooted! I feel like an idiot for not realizing what I had to do to get root.
Always search for what’s Relative.

Feel free to PM for help.

Nice easy little box. I especially liked the user exploit.

User: Requires a bit of research online and maybe a bit of tinkering
Root: Needs a bit of thinking but is actually quite simple when you dig into it

Ahhh I spent 6 days and finally, I got the root.txt.

Thanks for the recommendation, it was hard for me because I wasn’t familiar about "How does Unix search for executable files? "

Root hints:

  • Use the tool ps** that other guys recommended.
  • What do you see interesting in the PATH?
  • Where are you allowed to write?
  • What processes are running using the Absolute and Relative paths?

Type your comment> @gorg said:

Does the pass of user *** have more then 8 characters?

I’ve cloned dictonaries from github, tried a couple of them and now I’m stuck with bruteforcing the md5(salt:hash) since I don’t have adequate GPU power.

EDIT: thx for the PMs, found out that I misshandled hashcat and that it makes sense to look closer at scripts (and their build in capacities) before usage.

in the same exploit you can crack it , just type -c -w /usr/…rockyou, or you can use hashcat if you have problem with device put --force

Type your comment