• This was fun and CTFy. A couple of hints from where I got hung up:
    Foothold: Are you being teased, or is that a hint?
    User: If you can't remember where it is, you're not using everything at your disposal yet. Enumerate a bit more!
    Root: Yo dawg, I heard you like shells. So we put a script in your script so you can shell while you shell.

  • When you going for root, just remember to be very quick in executing the command after you've made changes to the file as I took too long on this machine and it was all about timing.

  • Finally rooted! It was my first-ever machine I solved so I'm really happy! Thanks to @MiningOmerta who helped me when I was to dumb to use the right commands!

    For the foothold, the solution really is right in front of you. Do OSINT, it's as simple as googling one word.

    To get to user, watch at what you should watch EVERY time you get on a machine!

    I think root was the hardest part, as a tipp:

    As Winnie-the-Poo got the news on the blackboard he forgot the protection so everyone could write their own news to the blackboard.

    I hope I didn't spoiler to much, If you need an extra nudge you can PM me :smile:

    Good Luck!

  • rooted. There are big nudges in comments :) you may ping if you are stuck.


  • I'm sure I know the way to root but the window only opens once in a long time (talking about the news here) - atm I'd have to wait 6 hours. Is there a way to speed this up or is there another way to root?

  • @0xRand0m said:

    I'm sure I know the way to root but the window only opens once in a long time (talking about the news here) - atm I'd have to wait 6 hours. Is there a way to speed this up or is there another way to root?

    I am not sure what way to root you are planning but the way I used is very much under your control.



    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • The amount of spoilers here is too damn high :D

    I liked the box very much.
    Amazing foothold, nice user1 to user2 migration thanks to GTFO and with the help of pspy it was way to easy to find the weak spot here.

  • I spent so much time on root part. If you didn't use ssh login for we***min, you can not do privelege part. Or I am missing something, not sure.

  • Still don't understand the hints on getting root with this box
  • after updating update-mol... file when i try to relogin through ssh it is asking for webadmin password any solution can't get root password

  • Type your comment> @inth3WILD said:

    Still don't understand the hints on getting root with this box

    Look for some processes.

  • Rooted. This was a fun box. Certainly learnt some useful stuff! Thank you for the box, @Xh4H . Feel free to DM me if you're stuck

  • Rooted.
    Root flag was funny @Xh4H :)

  • Rooted.

    Happy to hint if anyone needs help.

  • edited July 2020

    found it

  • Finally after some days and with the huge help of the comments on this forum this morning I was able to get the root flag (my first box btw)
    But I admit that I didn't totally understand the process.
    Well, I understand what I should do, but I really don't understand the process of finding the 0*-*****r with pspy.
    Could anyone explain this to me? In particular I have two questions.
    1 - how do you install pspy on the machine? Or what did you use instead?
    2 - how did you know that this is the right process to modify? I mean, I read I lot of people talking about the ID, but i didn't understand that.
  • Just rooted this one. nice machine :)

  • edited July 2020

    Finally Solved!
    The tips in this thread led me down a 4 day rabbit hole unnecessarily.
    Some hints for those struggling as much as I did.

    Initial Foothold: The "hacker" told you what to look for, google his name and try the different ones. Once you find the right one, a simple google search brings you back to find the cred.

    User: There is a message for you to find, once you find it, don't do what I did and spend a bunch of time learning that method. Simply do what you would normally do to change users, and find a 1 liner to solve the problem that arises. (extra hint: it wont work unless you change the lock so that your keys work)

    Root: There is a file that ran when you used the right key. Tell it what to do and the next time you use your keys, it will give you what you want.

    If this helped please give some respect!

  • Got root lol very gd puzzle had to be fast :>

  • rooted
    It's a simple box, i don't like it because so like CTF.

  • Rooted, very fun box for a beginner like me.
    Thank you Xh4H!!!

    Init: You can't be lazy enough with google
    User: Enum, see what you are allowed to do, and learn a new language (at least for me)
    Root: This was really fun, backups are important to not spoil the game.

    PM me, if you need a nudge


  • Good box but it is laggy as hell.


  • This was a nice and quick box to work on. Google-fu, history, and peas helped me to escalate my way to root.

  • Hi,

    I can use some help with priv esc to root.

    So far I have the following (I hope I don't give too much)

    I have access to the box as SA user. I have found an interesting process with accompanying files that I can write to. The problem, for example when I edit a file and execute it manually, I have Code execution (ping & shell)

    Only thing that I run into now is that the process doesn't trigger my code, logically the process only uses cp.

    But now the 1 million dollar question, how to proceed from this point. Am I missing something, am I completely wrong?

    So I hope someone will share the thought process with me and help me further.

  • User was a breeze, all you need to do is already mentioned in there. Root is a bit tricky, a quick 2 steps process. And I had to experiment with different reverse shells to get it to work. Learned a thing or two. Thanks to the author(s).

  • Just managed root. Have to say, not really a fan of foothold, but hey, it's a different concept from what I'm used to and this isn't real life anyway, so it's whatever. Getting both user and root were interesting tricks to add to my arsenal; I was a little scared when going for root because I thought I was gonna screw up the box for everyone else, but I realized that's not really possible. PM me with questions. Happy to help!

  • rooted !!
    it was a wonderful machine

    i was stuck in root part but i figured it out at last.

    root: after writing on the changing file ... just try to enter from another port. time is the key.

    Seek knowledge from the cradle to the grave

  • edited July 2020

    I got the backdoor, but don't know where to search for user

  • User and Root!
    God this was hard for me personally, because I just started with trying to do ctf's so I can have some kind of skill in life.


    USER: Google is your friend and you can always make locks and keys.

    ROOT: Google is your friend and timing is very important.

Sign In to comment.