Oz

@bobthebuilder said:
“You are just wasting time now… someone else is getting user.txt”
“Look… now they’ve got root.txt and you don’t even have user.txt”

Funny stuff :wink:

hahaha… :wink:

\x is this some encoding? Any guess, or dead end?

You get so much info from the box, even limited file access, still not in. Probably another facepalm after I know how 8D

@D4Vinci said:

it gives random strings for any unknown routes making it nearly impossible to enumerate.

Yes, the application has a custom 404 errorhandler (like another active challenge)
To enumerate, do not use the GET method. It’s possible to find a route with a name like ‘/??e?s’ and maybe others.

Keep in mind that everything may be useful later.

This box is a nightmare.

I saw the first blood needed 15 and 18 hours, so much effort for that 30 points. LOL.

Yeah, I have to wonder if it was tested.

@waywardsun said:
Yeah, I have to wonder if it was tested.

100% was tested for 4-5 weeks before submission. All items and “rabbit holes” are working as intended. The box was tested again after submission by the HTB team not for rabbit holes or “unhackable” but does it have a flow, is it stable, are the steps logical to follow. Just gotta look a little harder and try different things. Never rely on a single tool for your enumeration or cracking.

@waywardsun said:
Yeah, I have to wonder if it was tested.

They don’t know what medium means, but it’s not new.

@incidrthreat

I think that you created a nice box. For a noob like me it is taking me out of my comfort zone. Probably it will take days or weeks for me even with the help of hints :slight_smile: But always love to play with python boxes.

Seems that someone has taken a lot of time to hide flags… wherever I go I see dead ends

Does anyone have suggestions on some different tools to use for enumeration? I have used the usual suspects without success. I am not very good with web so some pointers to resources would be appreciated.

Any tips to enumerate this box?

user was fun : )

@ozymandias said:
@incidrthreat

I think that you created a nice box. For a noob like me it is taking me out of my comfort zone. Probably it will take days or weeks for me even with the help of hints :slight_smile: But always love to play with python boxes.

Now that user and root bloods have been taken, this is when the novice can take their time and learn from pros like IPPSEC and M0NOC. Each of them has a very distinct methodology and set of tools that work for them in an engagement. Learn from them and you will get it, I assure you. Good luck!

@asifsohail said:
Seems that someone has taken a lot of time to hide flags… wherever I go I see dead ends

xD Nope. Flags are all in their normal locations unhidden and in plain sight.

@labyrinth said:
Does anyone have suggestions on some different tools to use for enumeration? I have used the usual suspects without success. I am not very good with web so some pointers to resources would be appreciated.

The usual suspects will do just fine; learn to fine-tune what you are looking for instead of JUST a 200 response. Be more attentive to what you are receiving and fine-tune it to get what you want. :wink: Attention to detail in the enumeration/reconnaissance phase of the Hacker Methodology will go a long way.

@TheNerdOne said:
Any tips to enumerate this box?

The only tip I can give you without spoilers or leading you down a wrong path is this: Pay attention to the small things. The details of what you are receiving from a scan vs what you are expecting. And that everything on this host is intended to operate the way you are seeing it.

@elihtb said:
user was fun : )

I am really glad you thought so. Thanks. Now go get root =D

Ok, thanks for the suggestions

Hmm, I know of ippsec’s videos. Does m0noc have a blog or youtube channel? I am not finding it.

Just got root.

Nice box. I think I got really lucky in the privesc - don’t understand exactly how what I did worked. But root is root! :slight_smile:

Rooted. One small hint from me for the final part: if you feel that something should work, but it is not - try to get your suite off :slight_smile: