Comments
I am unable to spawn this box on VIP+

Wow I am a fool lol. It says "Live" but on the page there is still time to release. Disregard me
*****-****** isn't a rabbit hole?
Any nudge with foothold...
@Embargo said:
I'm at this point as well
Wow this medium box is easier than the last 2 easy ones. Got foothold, working on user now.
Reminds me of one of the previous easy machines actually. Got foothold too, should be straightforward to everyone as it is very well described in a nice video out there. Anyway, wait until you finish it to say whether it's easier or not than the other two
Wow I kept searching around for priv esc. Turns out I could already read the user flag... Working on that root flag.
@FQuen said:
Weird. This isn't the case for me.
I've got user, some tips for root?
I was working on Worker and got frustrated. So I decided to try this nice new one for a change of scenery. "It'll be something new and different" I thought... LOL
Anyone able to get a shell? I pulled the user flag but haven't found a way to get a callback on my reverse shell. A nudge would be greatly appreciated
Disregard. I had a shell the whole time. I'm just blind
I looked at who else I should go after and then went back to the UI much like a very recent box. I see a project but am unsure if this is a rabbit hole. I was thinking there might be something juicy that they accidentally pushed up.
Learned a lot from this box, was a fun challenge and showed me some cool new things
Interesting box.
@exord26 said:
Any tips for user?
Got initial foothold, any nudges for user dd
User was fun.. root is driving me insane. Doesn't help that I can't seem to get an interactive shell to work..
got foothold
stuck on user esc
got root
Still can't find a way to get D user..
I got the /r_p but it doesn't seem to be working on any user.
Any nudges will be appreciated
edit: rooted
uid=0(root) gid=1001(xx) groups=1001(xx)
@ElleuchX1 said:
any nudge for D user? @ElleuchX1 @Embargo
Looking to discuss. Got root flag but definitely not the intended way. Never got shell. Lol, definitely an odd box.
Finally rooted this machine and got the flags an unintended way. Nice box with some new learnings.
I got shell with g user, but got stuck afterwards. Any nudges?
Can't find the root flag, pretty weird.
Hey, I can’t find anything interesting. I already searched for directories with Dirbuster... nothing. Looked for something interesting in the source code... nothing.
I would be very thankful if someone could give me a hint to what to look for, maybe via pm.
EDIT: received a hint
Is the machine broken as there's no root.txt anywhere?
@purplenavi said:
Not broken. There is more work to do. This is where I am at and am having some errors with my process.
I read the user flag real easily (using one technique against the software), but don't seem to be able to get RCE (using a different technique against the same software), even though I've used this fine in other challenges. Therefore I can read a lot of things, but no shell for g or d user. Going round in circles. Anyone able to help me get back on track?
Edit: the RCE technique worked fine - I just had bad characters in my payload. Got root, and more. Good box - definitely learnt a few things - including to not take anything for granted and keep disciplined.
any hints for initial foothold? send me a pm pls
Rooted!
It was the same as redoing the laboratory for the initial part. But overall I learnt an interesting technique while escalating to root.