So I'm about 91.6% sure about the path to a foothold, I just am having a hard time installing tooling. For those struggling, think of the name of the box and what app is running something like the name, and what we commonly look for to exploit apps.
I figured that part out but I am having trouble putting it against the machine ip
So I'm about 91.6% sure about the path to a foothold, I just am having a hard time installing tooling. For those struggling, think of the name of the box and what app is running something like the name, and what we commonly look for to exploit apps.
I figured that part out but I am having trouble putting it against the machine ip
If we're talking about the same thing, I think we have to modify the payload and the encoding seems finicky to me, but I generally don't know what I'm going. lol
'Error "Operation not permitted" while writing config' What does it mean? I'm on the way to root and it keeps gives me this error when trying to log with t**p. Someone could help me?
'Error "Operation not permitted" while writing config' What does it mean? I'm on the way to root and it keeps gives me this error when trying to log with t**p. Someone could help me?
'Error "Operation not permitted" while writing config' What does it mean? I'm on the way to root and it keeps gives me this error when trying to log with t**p. Someone could help me?
For those stuck at the priv esc with the error, think about what type of authentication you're using. Its hard to communicate when you're out of sync with each other.
Good Machine, going into this machine I did not know what to expect because I never messed with **** or *** before. I have learned a lot from just this one machine so Congrats. Nice little secret code that I didnt know was possible with this language, so that would be useful for the future if I run into it again.
@polarbearer thx for that awesome machine, learnt a lot of interesting stuff!
Hints:
Foothold - read all the stuff you can and think how to check if its safe?
Root - a bit of enumeration and doublecheck if you are 'synced'.
Completely lost on this one. I get it from the hints that there's an obvious vulnerability somewhere, i come up with only one candidate and there's a very quick check that shows it's not vulnerable to it.
Finally rooted, great box. For foothold, look at the name for ideas - what you need is rather recent. If your payload doesn't work, play around with other potential payloads. For root, just ensure running the command "date" on your local machine, and on the box match.
Comments
Type your comment> @pizzapower said:
I figured that part out but I am having trouble putting it against the machine ip
Type your comment> @DancinHype said:
If we're talking about the same thing, I think we have to modify the payload and the encoding seems finicky to me, but I generally don't know what I'm going. lol
'Error "Operation not permitted" while writing config' What does it mean? I'm on the way to root and it keeps gives me this error when trying to log with t**p. Someone could help me?
Type your comment> @totem4 said:
PM me what youre trying to do
Can someone PM me a hint on what code im suppose to change for the ***** to execute R*** ** *****
Rooted.
Thanks to "polarbearer" for this very nice box.
PM for nudges
Type your comment> @totem4 said:
I'm currently stuck here as well
I need help. I got my U****** to change to the b*** but what do I do with it>?
For those stuck at the priv esc with the error, think about what you're using. Its hard to communicate when you're out of sync with each other.
Type your comment> @gointhrushell said:
check your PM
Yay! Now I get to completely rebuild my OS. God I really love this box
Edit: In retrospect it was kinda my fault. Gonna have to add ruby right underneath cryptographic attacks on the list of things I dont understand
Always happy to help, DM me if you need anything!
Link to Profile
Very cool Box !
Initial foothold was a bit more tough . User to root was kind of smooth and straightforward when you find it .
Type your comment> @gointhrushell said:
I've already rooted but the arena kicked me off as soon as I turned in the root hash. I wasn't done and now I'm on VIP with this same error... ?
Type your comment> @PrivacyMonk3y said:
I'm getting the same error, i guess it has something with the time sync but still it's weird
Good Machine, going into this machine I did not know what to expect because I never messed with **** or *** before. I have learned a lot from just this one machine so Congrats. Nice little secret code that I didnt know was possible with this language, so that would be useful for the future if I run into it again.
Type your comment> @Selcius said:
Fixed it, well i was right it had a problem with time sync between the machine and my own machine.
Hmm, can't seem to establish a reverse-shell connection, might be payload encoding (although it seems fine) - anybody have any tips?
@polarbearer thx for that awesome machine, learnt a lot of interesting stuff!
Hints:
Foothold - read all the stuff you can and think how to check if its safe?
Root - a bit of enumeration and doublecheck if you are 'synced'.
PM for nudges, will be glad to help you.
OS rebuilt, can finally go build this payload now
Always happy to help, DM me if you need anything!
Link to Profile
After sending the payload I see the code on the top of the title bar, but nothing happens, no shell returned. Has this happened to any of you? Thanks.
> @pizzapower wearing all black?
Yes. I'm at my own funeral, lol. Still can't get my payload to work, and I've been too busy this weekend to work on it much
So I'm getting the 500 error but none of my payloads are working, tried a bash one-liner and nc rev shell
Anyone else having the same issue?
Always happy to help, DM me if you need anything!
Link to Profile
Type your comment> @zerologon said:
Go to a place and try to load it
i'm stuck with getting R**. pm me anyone please
i created payload and pasted it but when i send that i doesnt get shell in nc
Completely lost on this one. I get it from the hints that there's an obvious vulnerability somewhere, i come up with only one candidate and there's a very quick check that shows it's not vulnerable to it.
eCPPT | OSCP
I give up. The bugs have made this box unsolvable.
Always happy to help, DM me if you need anything!
Link to Profile
Rooted! Feel free to DM for tips or hints. Actually a fun box in hindsight.
Finally rooted, great box. For foothold, look at the name for ideas - what you need is rather recent. If your payload doesn't work, play around with other potential payloads. For root, just ensure running the command "date" on your local machine, and on the box match.
Rooted. Box was all buggy yesterday, today was a bit better. Root was straightforward, user was a lot more difficult. PM me for nudges, happy to help!