Dev0ops hints

need help in priv esc. Can anyone a PM?

Anyone who needs help is welcome to PM me.

Already got interesting file but definitely donā€™t know what to do next. Am I right that I need to send something to the ne***st for user.txt?

@iammainul said:
need help in priv esc. Can anyone a PM?

Shoot me a message, if you still need help.

Iā€™ve gotten quite a few PMs about this box. Iā€™ve also seen a lot of hints that kind of reiterate the same thing over and over so maybe this will help all those who are stuck.

While the path to root isnā€™t as complicated as it feels if youā€™ve been digging around for a while, itā€™s also not quite as obvious I donā€™t think as everyone states if youā€™re new to what you need to work with on this box.

Yes, RTFM is quite a thing and I agree. But to hopefully cut down on the cycle of ā€œIā€™ve read the hints and done the things and canā€™t see what Iā€™m missing or if Iā€™m on the right trackā€ Iā€™d like to re-contextualize the hint thatā€™s been repetitiously stated into something that may be of more conceptual aid, without adding any new hints or information.

Think about the things you are looking through/need to look through as a blueprint of a building, and the lines you are looking through in those locations as paths in the building or rooms. You need to find the correct path and room you need to be in. Go through things line by line and if you donā€™t understand what the line is doing, research until you do. This will help you better be able to read the blueprint and to know which path and rooms are important, which are not, and where to find the tools you need to get into the rooms you need to be in.

Happy Hunting

@Didakt said:
Rooted !
Very cool box, thanks to the creator :slight_smile:

And the first hint some one gave for priv esc was just perfect :

ā€œFar far ago, there was a man that could view back into the past, and see alternated versions of realities , how did he do that mate?ā€

Think about it !

Thanks for the box

Cheers. This gave me the nudge I needed :slight_smile:

rooted! dm me for hints!

finally got root, if someone needs help, just PM meā€¦

After figuring out what I was doing wrong with uploading the xml, I wanted to punch my own face. Basically had the xml formatting correct the whole time but it was the SYNTAX to pay very close attention to combined with the few hints the ā€œdeveloperā€ left . Hope this doesnā€™t give away too much, first comment on the forum, 5th ā€œuserā€ Iā€™ve gotten. I think I know where to go with root now. Time to find out. Thanks for the hints to everyone as well. They were exactly what I needed to know I was on the right track, without giving away too much and taking away from the learning experience.

hopelessly stuck on devoops, I know the method is similar to aragog but i cant find the proper syntax to inject or where to inject it please help

Okay, Ive found a very interesting page, havin a little trouble formatting the peanut butter for my sandwich, pm me if you can help pls

@Monkey23 the owasp top 10 gives you it on a plate

If I put it into the form on the page in file form it comes up in burp all redā€¦do I have to move it outside the number string?

@AgentTiro said:
@Monkey23 the owasp top 10 gives you it on a plate

Not exactly you gotta add the jelly Thanks though i got the file.

Thank you all who have helped me to get root. Your help has been the key to me conquering this machine.

Iā€™ll just write a few hints here for the ones who come after:

  1. Initial foothold - pay attention to the upload format, the system has been designed to look out for certain txt.
    If you are not good at the programming language, suggest to go w3schools for a short brief on the language itself.
  2. On getting user.txt, think of a file that is as good as the password but not the password
  3. On getting root, like all the other has said, go back in time, so something to do with the history. If you can do a word difference comparison of the file, that will be helpful.

Need anymore help, give me a PM :slight_smile:

@TTYlerDurden said:
The amount of OVER ENGINEERING the solution I did on this boxā€¦SMH.
Feel free to PM for nudges.
Thanks @lokori for the great box and the opportunity to learn something new!

I feel like we tried the same things. Just rooted after days of trying to do something that just wasnā€™t working. Canā€™t believe how easy the real path to root was

Iā€™ve managed to upload a valid XML file and finding the file, I then tried to but in some php code to that file to gain a rev shell. I know understand from the forum that this is the incorrect method. Could anyone help me point me in the right direction? Not a fan of XML thoughā€¦

Im confused about the go back in time stuff. Got user and found a different key but i cant seem to make it work. PM please im stuck hopelessly

Rooted if need help PM me.

Urban Cookie Collective had a hit in 1993 - ā€œ!he *** the secretā€

Huey Lewis and the news had a hit with ā€œBack in ****ā€

I know its a git when some people are cryptic but i belive these hints will help with priv esc