Mischeif

Anyone find the intended way? I have access and got user, but stuck on root.

I’m in the same boat @Magavolt . It kinda sucks that many were able to get an easy 50 pts for this, but nobody even seems to know what the intended method was. It makes the box lose a lot when it comes to enjoyability. I’ll keep at it until I get it the correct way though.

found the two creds, the higher UDP port, and the service bindend on localhost (so unable to contact…).
Any hint at this point?

Do I need to brute force login or do I have to just find location where this credentials are?

Has anyone solved the root privilege escalation after it has been patched?

Can anyone spare a hint on the second login? Nothing I’ve tried seems to be working. Also found another page, but it doesn’t give any output with anything I do to it.

@cdf123 said:
Can anyone spare a hint on the second login? Nothing I’ve tried seems to be working. Also found another page, but it doesn’t give any output with anything I do to it.

If nothing works, back to basics and try common username :wink:

HINT: Once you learn how to login, you start to assume some things. These assumptions will have you at a roadblock when you shouldn’t be. There is mischief going on, remember? Things won’t always be the way you think even if they once were. I hope this helps without spoiling.

I’m still working on priv esc, but I’m sure the same rules apply, lol.

@blackhood said:
HINT: Once you learn how to login, you start to assume some things. These assumptions will have you at a roadblock when you shouldn’t be. There is mischief going on, remember? Things won’t always be the way you think even if they once were. I hope this helps without spoiling.

I’m still working on priv esc, but I’m sure the same rules apply, lol.

Got the root. It is really a mischievous god/machine

Holy effing smokes batman!!! This ■■■■ box is one long F*xx around. ■■■ this was stupid and horrible and really fuxx up. I loved every freaking second of it! This box was epic!! Thanks @trickster0 !! That name definitely fits. You’re a ■■■■, but I owe you a drink for this one. I hope a respect will do. Well done my friend!!

Someone mentioned ippsec’s video walkthrough of one box that is similar to this. Can anyone give me a link where this video resides?

@Higgsx said:
Someone mentioned ippsec’s video walkthrough of one box that is similar to this. Can anyone give me a link where this video resides?

That was an unintended method and has been patched.

I enumerated one UDP port,extracted some information but nothing interesting has been found. found creds, found picture but I can’t go further. I checked everything I think. Scanned full TCP/UDP ports nothing more interesting ports shows up. Can anyone give me a little advice how to go further? I tried stego but as I guess there isn’t stego stuff to do.

@Higgsx said:
I enumerated one UDP port,extracted some information but nothing interesting has been found. found creds, found picture but I can’t go further. I checked everything I think. Scanned full TCP/UDP ports nothing more interesting ports shows up. Can anyone give me a little advice how to go further? I tried stego but as I guess there isn’t stego stuff to do.

I see multiple TCP/UDP ports, 1 login page, I’ve performed a walk and I’m stuck. Can anyone give me a kick in right direction.

I got access to the other login page, but can’t seem to bypass it- - tried everything from brute force login to trying to look for other pages. Would appreciate a hint to move in the right direction :slight_smile:

nvm got it

As a general rule for bruteforcing things, don’t just use stock word lists. Keep a tailored one for your target. When you find something on your target, add it to your list. e.g. If you find a user account, add it to your user word list.

I have problem with s**o
My I please a hint? or better discuss…

@smjogi said:
I have problem with s**o
My I please a hint? or better discuss…

enumerate more :slight_smile:
There is a linux command that will help you a lot to figure out what is going on.

Just when you think you have it and then nope.

I have question that people will understand who did root access to mischief box.
Do I need to know password of [SPOILER] user?

[SPOILER DELETE]