Writeup

Finally got root! Was a nice learning experience ^^

Still looking for a hint, please, I’m stuck with a user, salt and pass that I can’t utilize properly apparently… help?!

I know this sounds silly but I did basic recon and I took note of services but I really can’t find an exploit … can I get help?

@userp419 said:

I know this sounds silly but I did basic recon and I took note of services but I really can’t find an exploit … can I get help?

There is a Firefox plug-in you have to install to determine the software; find an exploit based on that software.

@H3L1OS said:

@userp419 said:

I know this sounds silly but I did basic recon and I took note of services but I really can’t find an exploit … can I get help?

There is a Firefox plug-in you have to install to determine the software; find an exploit based on that software.

I just used nmap. But I’m looking for a Metasploit module or a script for these particular versions, I can’t find anything. Yes I am noob :frowning:

Kudos for the creator of this box.

@userp419 said:
@H3L1OS said:

@userp419 said:

I know this sounds silly but I did basic recon and I took note of services but I really can’t find an exploit … can I get help?

There is a Firefox plug-in you have to install to determine the software; find an exploit based on that software.

I just used nmap. But I’m looking for a Metasploit module or a script for these particular versions, I can’t find anything. Yes I am noob :frowning:

@H3L1OS’s comment is right. Try to determine the software, enumerate, then look for an exploit. You don’t even need a plugin in this case to check the technology that is being used.

@bipolarmorgan said:
Still looking for a hint, please, I’m stuck with a user, salt and pass that I can’t utilize properly apparently… help?!
Check the tool you used to get those pieces of information. It probably has an option that could help you.

@twypsy said:

Kudos for the creator of this box.

@bipolarmorgan said:
Still looking for a hint, please, I’m stuck with a user, salt and pass that I can’t utilize properly apparently… help?!
Check the tool you used to get those pieces of information. It probably has an option that could help you.

I believe I cracked the password, now where does it belong? EDIT: DUH, never mind, I have user now… on to root. Any hints on pivoting or privesc?

First root!! I’m feeling really good about this one. Thanks to whoever left a copy of p****4 in the home folder. Really helped out. Thanks to everyone for all the hints in this thread!

Rooted! Feel free to DM me for info. Privesc can be a little frustrating if you are looking at the wrong thing.

ARGH - root is very difficult, I’m still pounding my head against a wall hours later, staring probably right past the answer. EDIT: Yup, I was staring at the answer for a while. Had to retry a couple times to get the method to work as well, DON’T GIVE UP!!

My first rooted box :slight_smile:
Thanks for all the tips. And hi to whoever was chatting on wall yesterday ;D

Well, I watched and learned… p****4 was helpful and confusing at first. Root was harder than expected. PM me for hints. I should’ve thought to use wall to chat with other users on the box, seems stepping on toes was an easy task, it’s like we were fighting to take root.

6hrs of banging my head against a wall and countless hours of research and reading I still can’t figure this out, especially when my script errors out.

Got root. PM if you need a hand.

I got user.txt but priv escalation has been a dead end … any hints?

@squid22 said:

I got user.txt but priv escalation has been a dead end … any hints?

You aren’t going to use privesc on this … PM me if you need more help.

Enumeration I believe is what it’s called, bear with me and anyone feel free to correct me if I’m wrong with my terminologies. Enumerate the system - folders, files & processes that run as root are where you need to be looking… there’s a tool that I found most handy, but I’m not sure if I’m allowed to post it here, so PM me.

@SpicyWeasle said:
6hrs of banging my head against a wall and countless hours of research and reading I still can’t figure this out, especially when my script errors out.

Where have you gotten so far? It’s hard to be helpful without first knowing that at least. However, if your script is erroring out, you should figure out why … is it giving an error message?

@bipolarmorgan said:

@SpicyWeasle said:
6hrs of banging my head against a wall and countless hours of research and reading I still can’t figure this out, especially when my script errors out.

Where have you gotten so far? It’s hard to be helpful without first knowing that at least. However, if your script is erroring out, you should figure out why … is it giving an error message?

Sorry bipolar, I had resolved that part of my issue thanks to another user in helping me.

I’m having some trouble figuring out the user exploit script. Could someone PM me to go over it? One of the options isn’t working for some reason…

Edit: never mind… I assumed no output to be an error and that the process couldn’t finish that quickly

I found an exploit and I got credentials but they don’t really seem to work anywhere. I tried the a**** page, doesn’t work there. I also tried using the same credentials with a default account, not working. Can someone give me a hint?