Curling

1121315171832

Comments

  • > @tulio666 said:
    > just decoded s*****.t** and logged into website. i was able to create an uploader.. but no shell i upload is able to do something.. when i access the shell it returns me http error 500.. what i'm doing wrong?

    Refresh And Do Again
    Or Don't Create Uploader
    Direct Add By Admin Panel😘
  • @Amzker said:
    > @tulio666 said:
    > just decoded s*****.t** and logged into website. i was able to create an uploader.. but no shell i upload is able to do something.. when i access the shell it returns me http error 500.. what i'm doing wrong?

    Refresh And Do Again
    Or Don't Create Uploader
    Direct Add By Admin Panel😘

    @Amzker said:
    > @tulio666 said:
    > just decoded s*****.t** and logged into website. i was able to create an uploader.. but no shell i upload is able to do something.. when i access the shell it returns me http error 500.. what i'm doing wrong?

    Refresh And Do Again
    Or Don't Create Uploader
    Direct Add By Admin Panel😘

    i did it a lot of times already.. can't understand why isn't working..

  • Had good fun and learnt some new skills with this box. User and root complete. Feel free to PM with questions.

  • Good box, got user and root flags and a root shell. My initial shell method didn't work but I was probably over-complicating things lol.

  • Got user.txt and root.txt, no root shell yet but it's still satisfying. Send me a PM if you need a hint.

  • anybody is in online PM me

  • I got user and root too, but no shell at all... someone can give me some hints?

  • any hint for kali? just got shell and need to decrypt p******_B****** file pm me!

  • google magic bytes byte

  • @Blkph0x said:
    google magic bytes byte

    I personally find it more useful to google interesting substrings of files that I'm looking at.

  • Root shell acquired. But using a very very messy and intrusive way that probably broke some stuff along the way.

    Would like to discuss root shell methods with those who completed the box, pm if interested.

    Can give hints too, but explain what you have tried so far and where you are or you will be ignored.

  • Hello,
    I'm actually stuck at the pa******_ba**** file and I found that it has something to do with bz*** but I'm not sure what to do with that.
    Could somebody give me a hint towards the right direction please? That would me much appreciated.

  • when you guys create an uploader on the home page you kinda are spoiling the machine for others, there are other ways, way more elegant and less noisy

  • Ive accessed s*****.txt and used 2 c tools on it , but nothing
  • @Florent said:
    Hello,
    I'm actually stuck at the pa******_ba**** file and I found that it has something to do with bz*** but I'm not sure what to do with that.
    Could somebody give me a hint towards the right direction please? That would me much appreciated.

    What you need is in the forum posts. Take a step back before you can move forward.

  • edited December 2018

    Hi guys I got the user flag I can give you hint about user but I am stuck on the root flag I know I should edit something in a*****-a***** and use c*** but I can't go any further. Thanks.

    edit: nvm got it

  • edited December 2018

    Currently stuck on the root part. Need a hint for the two files.

    Edit: Got the root hash, but do not know how people invoked it. Have a clue but would like to ask someone who already rooted the box. Someone who is willing to explain it to me PM me please :)

  • Does it really have anything to do with cewl tool?

  • Done. Anyone able to send me a DM, I have a couple question around method etc and would be good if someone can shed some light for me. Cheers

  • edited December 2018

    Got it!

  • hello everybody... I'v been able to find the user and the password... I logged in as super admin... what's next? I tried to upload a php to get a reverse shell via an uploader that some one put there but no luck. I don't even know how to put an uploader by my self. > @natanrigailo said:

    when you guys create an uploader on the home page you kinda are spoiling the machine for others, there are other ways, way more elegant and less noisy ...

    Can you give me a nudge about this method?
    Thank you

    |GPEN|CEH|eJPT|CySA|

  • Hello guys,

    I must be really stupid, i found the s*****.**t but i'm unable to login with common username such as admin, administrator, superuser, even Floris lol can you guys help me ?

    thx

  • edited December 2018

    I can’t, for the life of me figure out what’s going on in the a****-****a folder. I’ve tried messing around with both files, but no dice. Can someone PM me the teensiest hint possible?

    EDIT: rooted, how silly of me. Any pointers on popping a root shell?

  • Can some one help me with pa******_ba**** file I know it is bz*** I used xxd -r to convert to original bz*** but unable to decompress it as it's show corrupted

    Pls PM me any help will be appreciated
  • @ronak360 said:
    Can some one help me with pa******_ba**** file I know it is bz*** I used xxd -r to convert to original bz*** but unable to decompress it as it's show corrupted

    Pls PM me any help will be appreciated

    use the file program

  • @ronak360 said:
    Can some one help me with pa******_ba**** file I know it is bz*** I used xxd -r to convert to original bz*** but unable to decompress it as it's show corrupted

    Pls PM me any help will be appreciated

    same here....

    |GPEN|CEH|eJPT|CySA|

  • got root thanks for comments! ;)

    Arrexel

  • edited December 2018

    My thoughts on Curling. Some people said this was too easy while others said it was hard. My thoughts are there are a few things in the beginning that make this machine super frustrating but overall this wasn't a difficult box.

    Foothold
    Yes its what you think it is. "May the source be with you"
    After you find the thing that data is in the BASEment, floor 64 (this was the most frustrating part for me because this wasn't indicated anywhere)
    Read ALL the blog articles
    login and understand where you are. Some googling should point you in the right direction for a shell.

    User
    This one was fun. I hope this isn't a spoiler but this article helped me a lot (google bandit-level-12)

    Root
    Once on the box look around. You don't need to look real far to see whats going on. cat everything and once you see whats happening you should know what to do.

    PM me if stuck

  • same boat - got user flag got root flag, but unsure how everyone is getting/turning it into a root shell - would appreciate a PM - thx

  • Total newbie, first attempt at anything like this.

    I've got so far as logging into backend and have managed to get a shell uploaded, I can see files in the home directory but cant view the content of the files from web browser shell.

    Any tips would be appreciated.

Sign In to comment.