Curling

Comments

  • OK, onto root now. thanks guys for the tips!

  • stop defacing the index !!! wtf

  • @nonamesfor said:
    stop defacing the index !!! wtf

    but that's half the fun! :tongue:

  • Finally rooted that one. Root.txt was quite simple, but root shell was a bit more elaborate because I didn't know such methods. Learned quite a few things. Thanks @L4mpje for this box, was quite fun ! :)
    If anyone needs a few hints, send a PM !

  • edited January 2019

    Got User and Root.txt. Can anyone PM me hints for root shell ? If you're gonna PM me for hints, please include what you tried and didn't work and we can go from there. Literally had one person PM me saying can I know what the solution is and I'll learn from the solution. SMH

    UPDATE:

    Thanks @devilswolf @jkr @L4mpje and everyone on this thread for your help! It's only easy once you know how :D

  • All right, I have to ask. Either someone is trolling me (I see you in there =P) or I am overlooking something right in front of me. So far, I've gotten this:

    • I have the user.txt and low-priv user shell both through reverse shell and through ssh, so I can run commands as two users.
    • I can see the files in the a****-**** and see the events and the output.
    • I can use those events to make other things happen by editing things, but that may screw things up for other people here, so I have not used this avenue.

    What am I missing here? I can not for the life of me find the source of the changes reflected in the a****-****.

    Any hints or nudges in PM would be welcome.

  • @sec4rc You are on the right track. If you are concerned with screwing anything up, just be sure to quickly change things back once you are done.

    n00b

  • edited January 2019

    I am really enjoying this box, so far managed to get low level shell in 15-20 mins, the user escalation was pretty simple for me, I have just completed the "overthewire" bandit tutorials, and the file type jogged my memory straight away, so I had user shell within 30 mins. I have also worked out why the box is called 'curling', now just to exploit this, having an issue with other users overwriting my data before my plan works. I'll attempt root again at a quieter period.

    Edit: It wasn't other users, it was clearly a cron. I have root, be quick :+1:

  • @MakoWish said:
    @sec4rc You are on the right track. If you are concerned with screwing anything up, just be sure to quickly change things back once you are done.

    Thanks friend. It helped to take a step back. I used the i**** to spawn a reverse shell yesterday, but since that didn't return with the credentials I (wrongly) expected (at 4 am in the morning) I drew the wrong conclusions and started trying to get at the file which informed the i****-file. That was, in retrospect, stupid. =)

    Did what I needed with what I had in front of me, and that took me to the root.txt and through a weird detour to root shell.

    If anyone needs hints, I'll gladly help if I can. Fun box. Creds to the creator!

  • DAMN IT.
    STOP MESSING WITH THE INDEX PAGE.
    Have you considered trying to put your testing efforts on a separate page instead of screwing up the machine and reset it every 2 min?

  • Need a tip or a push in the right direction with getting or seeing user. I can see the .txt location, just don't know how to view. The commands I've used don't work. I may also be overthinking it.

  • Right so I'm in the special a***n-a****s area, managed to get the user while on break at work, but maybe it's my tired friday night brain, I cannot figure out what to put in THAT file to get it to output what I'd like. Anybody able to give me a hint? Thanks.

  • @Epictetus said:
    Right so I'm in the special a***n-a****s area, managed to get the user while on break at work, but maybe it's my tired friday night brain, I cannot figure out what to put in THAT file to get it to output what I'd like. Anybody able to give me a hint? Thanks.

    If you can deduce what application is at work and the relationship between the files and what is going on around you, you should research that application's syntax and take it from there. You know what you want and where to find it. So go get it and output it where you are allowed to.

  • edited January 2019

    So I got root.txt, took forever on the VIP server. Switched to free and the same method worked instantly. Go figure.

    Thanks so much to @sec4rc and @jkr for the help. I guess I would have eventually gone insane if I hadn't tried the free server.

  • Well, I was able to see user.txt last night but after the resets I'm back at square 1. I think I was able to see it due to someone who already had an exploit running on the machine. The machine is getting restarted every few mins so not able to do anything to figure this out. First time trying to do this.

  • The hint is there in the box's name. For the life of me, I couldn't understand the sport though.

    limbernie
    Write-ups | Discord - limbernie#0386

  • I got user and now I'm probably overthinking priv esc... Can somebody DM me with some hints?

    PM me on Discord: t0thkr1s#0880

  • Been through the whole thread, but still a little murky on privesc for root. I don't want to say much for sake of potential spoilers for others.

    I have user.txt already, have found the Area I need to be in for privesc, and am now trying to figure out how to use the necessary command and files together. I'm 99% sure I know what command I ultimately need to use and have been reading articles on it, but am having trouble finding info on how to properly do what I need to do with it here. If anyone's got a few mins to nudge me in the right direction via PM, I'd super appreciate it.

  • @Fighter81 said:
    It's in the main page....just look close... :-)

    I was with everyone else. I tried everything I could but didn't think of one thing until you said that. I had the right username just not correct haha.

  • Hi Guys, I have a low priv shell as www-data and have found the P_B file. I have got the file extension but tried ways to decompress it but it says it's not that type of file. I have been through the over the wire bandit video but still unable to decompress it. Can anyone nudge me in the right direction? I've been trying this for a day now. I got the shell within 30 mins and stuck on this.
    Thanks in advance

  • Just managed to get user and root. Hints here helped immensely without giving it all away. Thanks guys.

    However, could someone PM me hints about how to get root shell?

  • Can someone PM me with a hint to get a shell once I have the site login?

  • Been struggling for 2 days. I'm new with all of this and I know this box is kind of easy for others. But I couldn't even find a way to upload the shell. Been trying LFI but no luck (or maybe I did it the wrong way).

  • edited January 2019

    How many votes or how long does it take to reset box? Someone defaced it and can't do anything now..

    Edit: Fixed now but would still like to know how it works.

  • edited January 2019

    @Deus9 said:
    How many votes or how long does it take to reset box? Someone defaced it and can't do anything now..

    Edit: Fixed now but would still like to know how it works.

    Usually when you request it on your server it takes two minutes. This gives someone time to do the /cancel command on it to stop it if they are still actively doing what they are doing. So if you are on the free servers there could be a good chance it gets canceled.

    Plus I just defaced mine haha

  • Anyone that was able to get a root shell able to message me? With help I was able to get the root.txt, but I would like to learn how others are getting a root shell on the box to add to my knowledge.

  • Just took down this bad boi. Anyone need help pm me got root shell and everything.

    For root -> keep it simple, you know some things are being saved to some files. You know a certain program is running whose name is very similar to that of the box lol. Finally, you have everything you need in the home directory of the lower level user!

    Good luck!

  • edited January 2019

    Nice challenge!

  • edited January 2019

    Can I please get some help with p***_b**** ? I know what file it is, **2. Tried a few things to open it or decrypt it with no luck.. can someone PM me with a hint please? (I did go through all the hints provided on this site)

    P.S PLEASE stop resetting the box every 5 mins! And stop defacing or adding upload forms to the main page... You can use a TINY command to get reverse shell, no need to upload files etc.

  • @Deus9 said:
    Can I please get some help with p***_b**** ? I know what file it is, **2. Tried a few things to open it or decrypt it with no luck.. can someone PM me with a hint please? (I did go through all the hints provided on this site)

    P.S PLEASE stop resetting the box every 5 mins! And stop defacing or adding upload forms to the main page... You can use a TINY command to get reverse shell, no need to upload files etc.

    Try running it through CyberChef (google it) - this helped me massively
