Poison


Comments

  • Hoping someone can give me a nudge in the right direction. I've got the secret file and set up something you can see the light at the end of, but I'm confused on how to connect as the right user. The way I'm trying it right now, I get in as the user with normal permissions. I'm not sure if I have the syntax correct, so hoping someone can push me in the direction I need to go.

  • got root finally. Hate this box...

  • edited September 2018

    Got root omg, this box taught me a lot, especially to not overthink things. Keep it simple guys, and read all the good threads and their hints, they are very helpful. Read the man pages of the tools once you identify the services running on the box. Spoiler Removed - Arrexel

  • Think about where to use the zip file and how, that's it.

  • Got root, feel free to DM for hints.

  • edited July 2018

    -

  • edited August 2018

    nvm

  • @mcruz thanks for the articles, got root

  • rooted. PM me for hints.

    TheInnocent

    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • edited August 2018

    One of the kinda confusing boxes, definitely rabbit holes all around,

    PM for subtle hints / explanations

  • Very interesting and fun box, way easier than it seemed. A little hint for anyone who is still looking for the root flag: once in take a very close look at every running process owned by root and every parameter they use, one will catch your attention because of its nature. If you're not familiar with this particular process look it up on Google and read its documentation, one particular parameter will answer the question "what the heck is this 'secret' file for???".

    Good luck!

  • Hi
    I am still unable to unzip the secret file. Grr. I will keep trying :)

  • edited August 2018

    GOT IT FINALLY!
    GAH this box can really drive you insane if you don't know what you are doing.
    Asked for a couple hints but they didn't really help because all the hints you need are in this forum, and I already knew what I needed to do from the start.
    The hints were really just to verify my sanity. lol
    With the articles posted here, you know you are doing the right thing, it boils down to putting the commands together in the right places. I actually used PuTTY to help make sure I was doing it right, and once I googled for the 20th time, I finally executed everything correctly.
    I think I spent 4 days doing the right command, just with one major flaw.

    Even though I hate everything about the machine, great job, it is a great way to understand security flaws in remote management.

  • @Naruto985 said:
    Hi
    I am still unable to unzip the secret file. Grr. I will keep trying :)

    Don't overthink it, the solution is much easier than you might think!

  • Hi,
    Just got root, but without the ssh-tunnel hint I wouldn't be able to do it.
    So I wonder if there are any indications that root is using the ssh-tunnel, or was it just guessing?
    Feel free to PM me :)

  • So, user was flat enough... I do see something very interesting running on this box and I have a fairly good idea of the inner working using ****** over ***** tunnels, but fcrackzip is going on a few hours and no dice for the secret.zip file. I thought maybe a bogus extension or something, but too short to be a key? Any very gentle nudges?

  • @Fenrir said:
    Hi,
    Just got root, but without the ssh-tunnel hint I wouldn't be able to do it.
    So I wonder if there are any indications that root is using the ssh-tunnel, or was it just guessing?
    Feel free to PM me :)

    Check the parameters of the service you used to get into root, one in particular will tell you exactly why you had to do what you did.

    @n3tl0kr said:
    So, user was flat enough... I do see something very interesting running on this box and I have a fairly good idea of the inner working using ****** over ***** tunnels, but fcrackzip is going on a few hours and no dice for the secret.zip file. I thought maybe a bogus extension or something, but too short to be a key? Any very gentle nudges?

    If you have already identified an interesting process you might want to read its man page, you could find something useful in there :)

  • edited August 2018

    @Baud said:

    If you have already identified an interesting process you might want to read its man page, you could find something useful in there :)

    I've already walked 10 miles since this comment but I'm stuck in a new place. After a ridiculous problem, I realized that what I was doing was completely in folly. I extracted contents from said zip file, realized that it was a ********, also realized that the remote host is hosting a process that confirms my suspicion. Now I'm playing with command line options because while I'm not returning a login error, I'm not necessarily returning a login success either.

  • For some strange reason, last time I was able to download the secret.zip, and now when I scan I don't get that port nor the place where I downloaded the zip file. Even nmap scans with filters related to **c and **h are showing just two ports open: one is ssh and the second is http. It's been two days brrr :) keep thinking at sleep what went wrong and where

  • Could anyone PM me to possibly help? I have "connected another way" after owning the user, but only get a blank screen and no way to really interact... I think I'm close, but if someone would be willing to PM me for a hint it would be really appreciated. Still trying to learn :)

  • > @wyliebsd said:
    > Could anyone PM me to possibly help? I have "connected another way" after owning the user, but only get a blank screen and no way to really interact... I think I'm close, but if someone would be willing to PM me for a hint it would be really appreciated. Still trying to learn :)

    try to use the secret file when connecting to that service

    Arrexel
    OSCP | I'm not a rapper

  • I am stuck on SSH.
    I have Owned 'user', and picked up on a possible entry point on the same port.
    Just need some guidance.

  • @PHunHouse said:
    I am stuck on SSH.
    I have Owned 'user', and picked up on a possible entry point on the same port.
    Just need some guidance.

    Same here, tried to tunnel the XV port to local. Then get lost. Anyway can give some hints and guidance? Thx in advance.

  • hi people, my 1# post, and box.
    can you explain this to me?

    v*******r: ConnectToTcpAddr: connect: Connection refused
    Unable to connect to VNC server

    when run nmap, only 22 is open

    sorry my english

    rubenix

  • @rlinux said:
    hi people, my 1# post, and box.
    can you explain this to me?

    v*******r: ConnectToTcpAddr: connect: Connection refused
    Unable to connect to VNC server

    when run nmap, only 22 is open

    sorry my english

    Little hint: if you can't connect to a service make that service connect to you ;)

  • Is secret important on the connection? How do I use it if it's important? Please PM hints

  • @gregX01 said:
    Is secret important on the connection? How do I use it if it's important? Please PM hints

    It is, you need that file. Here's your hint: examine all the running processes owned by root, look for the ones that you can "hook on to" in order to become root. Read the man pages to all the processes that can give you this opportunity, and you'll understand what that file is for.

  • Hello everyone, this is my first post.
    I've already been able to access the box, extract the .zip file. But I do not know how to become root = (
    I listed the services that are running but with no ideas how to explore

  • Rooted!!!!! That was a good challenge. If you need help, let me know

  • @wyliebsd said:
    Could anyone PM me to possibly help? I have "connected another way" after owning the user, but only get a blank screen and no way to really interact... I think I'm close, but if someone would be willing to PM me for a hint it would be really appreciated. Still trying to learn :)

    Think about a tunnel
