Registry

Comments

  • Finally got there. Holy crap, that privesc was so, so annoying. There are so many little "features" on this box that are just designed to be irritating.

    PM for hints; not my favorite box.

  • Got root... Finally!!!

    Funny box... Needed some clue from this board to get (back) on track; once I figured out how to proceed, it's just a matter of RTFM ;).

  • Well, this was interesting...

    I found the creds to the second shell before anything else, so I thought I could hit root directly... but Computer says no. So I had to go back and do it the way it is designed to be... damn it :P

    Anyway, hints:
    user: do your enum. There are obvious clues, then google and find a step by step article on what to do.
    root: find the one thing that really matters from your enum, and just follow the steps to be able to do what you want to do.

  • Thank you @thek great learning experience && nice box :)

  • Is the /bt/bt giving you guys a 502 Bad Gateway error? Or is it just me?

    trollzorftw

  • Can someone pm me to help me please. Thanks

  • I'm on the final point. Any hint on how to get rshell as user wd? Tried bind and reverse for a million types with no luck; managed to get command execution though.

  • I'm in the last step for root and trying many things to get my new shell, but each time I get a 504 error. Is the box broken or is it normal?

  • Fortunately User.txt was quite easy to get. But now I'm stuck at root :(

  • Can someone clear up one thing for me?
    On my way to root I'm able to get a rev shell as that -d user.
    However, the shell is buggy and lags in responses.
    Am I doing something wrong or is the box just buggy?

  • Could use a nudge on the initial enumeration. I've found /b*** but can't seem to find anything useful there..

    Should I be using something other than directory-list-2.3-medium.txt?

  • @Lycist said:

    Could use a nudge on the initial enumeration. I've found /b*** but can't seem to find anything useful there..

    Should I be using something other than directory-list-2.3-medium.txt?

    Go through the nmap results again... This time very carefully :)

  • Anyone else having constant term lock-up when ssh'd in a user?

  • @ow1joker
    Same here and I'm on VIP server.
    Also my other shell is acting up the same.
    Not sure why. Trying to figure out.

  • Which user? I have no problems on free eu-1

  • The b one and the w one.

  • edited October 2019
    User was fun! Really like the box so far, thanks @thek
    that's an interesting way to learn the app used on this box

    user tips: (almost) everything can be done manually. no special tools or techniques needed. find out what app is installed on the box and start reading the docs. you want to fetch the thing. after that spin it and look what you've got inside. all you need is the key and to check every file in ~

    root: find the app and login, check out the file at the app's dir, you want to have access to that user who runs the command, serve...

    Great box, really liked it =)

  • Very fun box @thek !
    Thanks @lukice for the priv esc nudge.

    adding to the great hints already found here.

    • User: think about the title and containers. Did you check what was that garbage data you enumerated? Read the docks!
    • Root: you're probably right to be thinking about that file you found, who can run it? what does it run? read the docs, check the rest ;) remember you can serve if you build.

    Feel free to reach me for a nudge if you feel stuck.

    ¯\_(ツ)_/¯

  • I agree, this is annoying. I know exactly what to do for root, but I can't seem to make a connection even for reverse shell (have browser based shell...) could somebody give me a hint? Probably some strange firewall rules...

  • @idomino said:

    I agree, this is annoying. I know exactly what to do for root, but I can't seem to make a connection even for reverse shell (have browser based shell...) could somebody give me a hint? Probably some strange firewall rules...

    Same!! Stuck for two days now. I know everything I have to do and have everything, but still nothing. I gave up on rshell for root; just trying to read the key via wshell.

  • @idomino said:

    I agree, this is annoying. I know exactly what to do for root, but I can't seem to make a connection even for reverse shell (have browser based shell...) could somebody give me a hint? Probably some strange firewall rules...

    Did you try to swap client/server?

  • edited October 2019

    rooted.
    PM for nuggets

  • Finally!

    [email protected]:~#
    

    Now that it's done, it feels good.

  • Can someone please confirm that I DON'T need to use the o****A** server on u** 7***?

    Because I have NO IDEA how to use that :D

  • Now I got this error

    "List(key) returned error, retrying after 27.770234378s: Decode: invalid character"

    when I try to backup. Any help?

  • I'm not able to read iptables just yet, but I can guarantee you that it's moderately nuts enough to be crushing most of what you are doing (or attempting) with the final steps. Despite having the entire dir, I don't have the proper access codes.
    Sad.

    If anyone wants to talk about the end, let me know.

    BeStrong

  • Spoiler Removed

  • User down, onto root.

    triki

  • Trying for root. Need nudge please if possible. Thanks

  • edited October 2019
    What a ride!
    User was relatively easy (compared to root). It took me several hours.
    Root - a lot of features implemented just to keep you awake. It took me almost 2 days to figure everything out as I was not familiar with the technology and syntax.
    As other people suggested: read the docs of the thing you're trying to exploit.

    hint:
    For the second user, if you are unable to create a working shell fast enough (it's possible but kinda tricky) then don't run, hide.