Official Sink Discussion

Official discussion thread for Sink. Please do not post any spoilers or big hints.

Comments

  • first

    Hahaha I now wonder if current boxes are just regular pentest whitebox codeaudit jobs for some client but the guy was too lazy and thought like "I'm ma make a box they gonna find it " :D

    Man insane again, what's goin on.. someone wanna team up? maybe I let it be right away... but I'm lonely and need distraction so...

  • Lol found the vuln it's too hard for me haha if you want it I'll share haha

  • Do the box's services (3### and especially 5###) seem really unstable to anyone else, even on VIP? Like they seem to crash/go offline even after a short period of simple browsing (no fuzzing)?

    Or is that supposed to be part of the scenario somehow? I don't think I'm doing anything that would warrant triggering some kind of block/crash.

  • Odd to see an insane box with 27 user owns so quickly. (For the avoidance of doubt I am not planning to look at this box for a few weeks yet - I can't help anyone)

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    > Odd to see an insane box with 27 user owns so quickly. (For the avoidance of doubt I am not planning to look at this box for a few weeks yet - I can't help anyone)

    blood was a whole lot faster than tentacle as well, which is rated easier

    HcKy

    Happy to help. If any of my rambling is useful consider leaving some respect.

  • Perhaps there is an unintended way. I'll wait a while before I start this box.

  • @kld87 said:

    > Do the box's services (3### and especially 5###) seem really unstable to anyone else, even on VIP? Like they seem to crash/go offline even after a short period of simple browsing (no fuzzing)?
    >
    > Or is that supposed to be part of the scenario somehow? I don't think I'm doing anything that would warrant triggering some kind of block/crash.

    yup, unstable for me too. no fuzzing, just browsing.

  • edited February 1

    @HcKy said:

    > @TazWake said:
    >
    > > Odd to see an insane box with 27 user owns so quickly. (For the avoidance of doubt I am not planning to look at this box for a few weeks yet - I can't help anyone)
    >
    > blood was a whole lot faster than tentacle as well, which is rated easier

    Yeah... this is weird.

    But I wonder if the reported instability wouldn't be related to the name... if you send in too many people/requests, it "sinks". :wink:

    (Edited to remove typo. I guess it's too early to write without coffee. :sweat: )

  • edited February 2

    I'm looking for a nudge on root - don't know what to do with s******.*** - seems like I should use k** but no luck there or with the other usual means... open to DMs!

    Edit: never mind, got it. Was on the right track, it's just finicky AF.

  • I keep thinking I am knocking on the wrong door. I don't want to be that guy that keeps banging away at a brick wall but on the other hand, you never know until you try :) I may have to ask if I am at least in the right direction. Just seems to make sense in my mind at least.

    crackz0p

  • Is the foothold related to modifying the request? The not* help me to debug it, but I cannot figure out how to leverage this attack technique to be something useful.

  • @kichung said:
    > Is the foothold related to modifying the request? The not* help me to debug it, but I cannot figure out how to leverage this attack technique to be something useful.

    NVM, got the way in.

  • This is an incredible box, with a believable, modern devops setup and interesting exploitable mistakes.

  • Rooted box. For everyone still stuck, there are two exploits with Hxxxxxx; one of them is the entry. Once you are in, you will need to read code to find the next step.

  • Awesome box! I had been waiting for quite some time to see the initial vuln here. I really had lots of fun, except maybe on the second part because I was too focused on something so I forgot an important part of what had to be done.
    The very last part had me very confused for a while. I'm happy though because it didn't take too much time for me to realize what was going on.
    Thanks a lot @MrR3boot !
