Unintended root(s) on Fortress

So if you have not escalated your privileges to j4x0n user on the VM then this note is not useful to you… Yet.

I recommend you to even get the root flag first with all the ways you can find… and then reading through this note

Cute Cat Pic

So apparently, I didn’t knew as I was so dumb to not fix these stupid mistakes that lead to unintended root on the fortress VM. I know many were pissed and expected something more in the last chapter to root the box. Well guess what, my intention was not to give you that root flag that easily… The root was supposed to be a little more different than normal usual ways. The following unintends were found in order to get the root flag, which are not counted as the “official” way to get root.

• directory in the root folder (that was not supposed to be there, I was careless to leave it there
• logs — You can’t find the root flag in the logs but again, the information you find in there is not a path you need to take to root the box the intended way.

Special mention consideration for skills

• Rewriting the file /usr/lib folder… It was not supposed to have write permissions but you still do half the work that you were supposed to do in the intended way, so this is still acceptable.
• There was one unexpected way found which was new to me too, that was reading root flag through stderr output of one of the SUID (If uk, uk). You can take points for this one too (coz I would’ve not seen this) but again, this was easier. So you may wanna hunt for the harder way, as it can be countered if the name of the flag file was not given. (Still, good job if you found this way 👍)

So now, try finding other way to root the box… If you really wanna give a challenge to your skillset, #TryHackMe now(The box, I mean… NOT ME PLZZ!!). Yes, it is very much root-able even then (The original method I thought a user would go through to root the box). You can find the original write-up in some future blog posts/videos posted by me or other people.

Ps: I know once you get the root flag you lose the feel to be challenged, but again, if you really wanna check your skillset… I gave you the conditions, try bypassing the flag now. 😉

Still got any queries? or got any suggestions? Hunt me down my socials ❤ (preferably, Twitter)

Peace.