Olympus

Interesting box… I liked learning about some new techniques, not sure I enjoyed the guessing part, but I guess sometimes you need to do that even irl. Thanks for the box @OscarAkaElvis , had fun!

Could someone please give me hint (DM) how to proceed with the DNS? I have cracked the pcap, maybe found something useful. But I’m stuck.

Can someone please tell me or pm me regarding the step after cracking the pass in cap file?
i think i found something (maybe not) in the decrypted data and dunno how to use it .
tried to enum the dns but how can we “dig” if we have no domain name.
Thanks !

Oh thanks for the tips guys finally got root !!
The guessing part just wasn’t mine hehe , and the pain i needed to overcome to get root with the privesc(do****) uhhh (anyone who thinks he got the easiest method to privesc please pm me)
thumbs to the creator and definitely gonna use the airgeddon !
Thanks

this is one ■■■■ of a box, ■■■■ fun working on this one, i learnt a few nice things working on this box, priv esc is nothing compared to the initial work required to get user flag,
any help required feel free to hit me up on discord [ vrvik#7626 ]

weird things my nikto scan showing up! every link shows encrypted output which i try other then the weblinks. Lost now, hints pls

Rooted PM if need help

Just finished it.

In general have to say the machine was good, it had different things going on and the story in general was also pretty cool.

However, I still have mixed feelings about that “jump” you have to do in order to move on. I would suggest to the people who are struggling with that bit (you know when you’re there), to actually follow the story-line that is being told through the various machines. That, along with some basic enumeration (and some simple guessing, use what you have!), can point you in the right direction.

i found a repository! is it where the game starts?

I think this is my favorite box so far. The Olympia part had me frustrated for quite a while, but it was worth it. Nice one @OscarAkaElvis

Hey guys, I found a specific header that gave me a possible hint on where to go. (As said before in the thread, a dev-like tool). There’s an exploit module on MSF but after sending the requests, the server answers with a RST package. I was trying to abuse this manually, but I’m having a nightmare installing the needed tools and whatnot, so much that I am no longer sure if it is just a rabbit hole. If this is the right way to go, may I ask a little help with the set up of the environment and everything, and if it’s not, any hints would be appreciated.

I didn’t read through this thread, so I’m not sure what was said here. The box isn’t hard in-regards to enumeration. Everything is almost always in front of you (i.e. where you land, you can obtain the clues/creds to move forward). The tickiest part for me was understanding where the .cap came in because (although I discovered/cracked it very quickly) I didn’t think to use it’s information in that manner. Everything was straight forward. Ending was super easy.

I’m open to give hints to folks that need help. Please PM me, if so.

I’m really enjoying this machine :slight_smile:

EDIT: got root. Really nice box, privesc was interesting but not anywhere near as much as user. You can PM if you need any hint.

Finally got root, got to say great box, learned a lot about docker. Great job @OscarAkaElvis .

I’m somehow not sure why I am not able to get a shell using the msf/py exploits available. Reached out to many of them, checked in wireshark as well. Everything seems fine, but somehow, something gets fucked up and I get an RST from 10.10.10.83, which is very weird.

Rooted!! This was a wild ride. I appreciate the help from everyone. If you need hints PM me :wink:

Ok, I have a shell to this box, I cracked what could be cracked, but I don’t seem where to go from there. I know that I am on a limited environment, but I’m not sure if I should escape it, abuse it, priv escalate from there and I’m running out of ideas. Any hint?

@HeiGou said:
Got a connection to a box, got the message from the gods, got a strange IP. Any hints on how to pivot and use that? I normally dont work very much with the D service and am stuck :astonished:

Collect more information on what you got from the gods, Dig is your friend.

@DarkNight7 said:
Ok, I have a shell to this box, I cracked what could be cracked, but I don’t seem where to go from there. I know that I am on a limited environment, but I’m not sure if I should escape it, abuse it, priv escalate from there and I’m running out of ideas. Any hint?

There is another information on the cap file. browse the packets and you’ll find it. After that you have to make some educated guess to use SOME parts of those 2 informations as login credentials on a service running on the box that you already know!

Rooted, thanks @OscarAkaElvis for great experience!

  • The Crete island would reveal its secrets to those who don’t hesitate to look at heading part of the waves that leave the island.
  • After you enter the Olympia you should be looking for a way to go through the Zeus’ flight experience, that was accumulated to some essence lying next to the god’s message.
  • The knowledge gained from such an experience would let you enter the Rodhes. Btw, you heard this song? Don’t know about you guys, but I do love it.
  • Opening the portal to Hades requires some ancient magic technique so… Wait, I think there’s someone at my door, I’m gonna have a look…
  • Now, where was I? Right, the Olympus. The Olympus would yield to those who don’t hide their love to whales. Beautiful creatures, aren’t they? :wink:

Hope not too much a spoiler xD