Olympus

I didn’t read through this thread, so I’m not sure what was said here. The box isn’t hard in-regards to enumeration. Everything is almost always in front of you (i.e. where you land, you can obtain the clues/creds to move forward). The tickiest part for me was understanding where the .cap came in because (although I discovered/cracked it very quickly) I didn’t think to use it’s information in that manner. Everything was straight forward. Ending was super easy.

I’m open to give hints to folks that need help. Please PM me, if so.

I’m really enjoying this machine :slight_smile:

EDIT: got root. Really nice box, privesc was interesting but not anywhere near as much as user. You can PM if you need any hint.

Finally got root, got to say great box, learned a lot about docker. Great job @OscarAkaElvis .

I’m somehow not sure why I am not able to get a shell using the msf/py exploits available. Reached out to many of them, checked in wireshark as well. Everything seems fine, but somehow, something gets fucked up and I get an RST from 10.10.10.83, which is very weird.

Rooted!! This was a wild ride. I appreciate the help from everyone. If you need hints PM me :wink:

Ok, I have a shell to this box, I cracked what could be cracked, but I don’t seem where to go from there. I know that I am on a limited environment, but I’m not sure if I should escape it, abuse it, priv escalate from there and I’m running out of ideas. Any hint?

@HeiGou said:
Got a connection to a box, got the message from the gods, got a strange IP. Any hints on how to pivot and use that? I normally dont work very much with the D service and am stuck :astonished:

Collect more information on what you got from the gods, Dig is your friend.

@DarkNight7 said:
Ok, I have a shell to this box, I cracked what could be cracked, but I don’t seem where to go from there. I know that I am on a limited environment, but I’m not sure if I should escape it, abuse it, priv escalate from there and I’m running out of ideas. Any hint?

There is another information on the cap file. browse the packets and you’ll find it. After that you have to make some educated guess to use SOME parts of those 2 informations as login credentials on a service running on the box that you already know!

Rooted, thanks @OscarAkaElvis for great experience!

  • The Crete island would reveal its secrets to those who don’t hesitate to look at heading part of the waves that leave the island.
  • After you enter the Olympia you should be looking for a way to go through the Zeus’ flight experience, that was accumulated to some essence lying next to the god’s message.
  • The knowledge gained from such an experience would let you enter the Rodhes. Btw, you heard this song? Don’t know about you guys, but I do love it.
  • Opening the portal to Hades requires some ancient magic technique so… Wait, I think there’s someone at my door, I’m gonna have a look…
  • Now, where was I? Right, the Olympus. The Olympus would yield to those who don’t hide their love to whales. Beautiful creatures, aren’t they? :wink:

Hope not too much a spoiler xD

@snovvcrash said:

  • The knowledge gained from such an experience would let you enter the Rodhes. Btw, you heard this song? Don’t know about you guys, but I do love it.

If you really loved it, I think you might like this one as well!

I love whales but I don’t know them so well … do I need to study really everything on them ?

@mboh said:
I love whales but I don’t know them so well … do I need to study really everything on them ?

you are just one Google search away from so many amazing writeups with similar privesc/CTF situation.

yeah, sorry, found the right whale. :slight_smile:

Got user.txt - Most enjoyable box I’ve done yet…

@pzylence said:
I’m somehow not sure why I am not able to get a shell using the msf/py exploits available. Reached out to many of them, checked in wireshark as well. Everything seems fine, but somehow, something gets fucked up and I get an RST from 10.10.10.83, which is very weird.

same here the Reason is because of ping latency issue. that the only thing that i can comeup with so my be am i open AWS instance in Europe and see if i can try again. only think i can think of lol.

@mochan said:
Got user.txt - Most enjoyable box I’ve done yet…

dude nice link man thank you! you got some nice staff on your dropBOX OSCP ill be doing in 4 month… just going for AWS Cert next 1 so been busy with that.

ill PM regarding about OSCP ether ways excellent file thanks for sharing

@laylow said:

@mochan said:
Got user.txt - Most enjoyable box I’ve done yet…

dude nice link man thank you! you got some nice staff on your dropBOX OSCP ill be doing in 4 month… just going for AWS Cert next 1 so been busy with that.

ill PM regarding about OSCP ether ways excellent file thanks for sharing

Thanks man - I usually add new resources everyday! - Enjoy :slight_smile:

Can someone drop me a hint for priv esc? The whale hint means nothing to me and I’ve been enumerating for hours!

what about docks ?

Rooted!! - Special mention to @raulcpop for the pointer! If anyone needs help my PM’s are open.

Hints :-

Crete - Do not overthink… Play around with burp & google :wink:
Olympia - Also do not overthink - Once you find the file you have everything you need to progress…
Rhodes - Enumerate enumerate… If you run into issues it will be because nameservers… editing /etc/resolv.conf on your local box will help you
Priv Esc to Root - Do some Googling on what’s on the box! You will get there eventually.