Vault

@achayan said:
i already have the user flag … i am now d*** in 192****4 … struggling for root … any hints on root will be appreciated :slight_smile:

look into log files, maybe hint is there

I’m root in x.x.x.4. Stucked in a hole… I discovered an IP with no services listening.

how to move from dave to vault, need hint

Rooted. I enjoyed this box en learned new things again. I really like the multiple server ones. To bad this one has a step that can be a fair bit harder if you have multiple people trying to hack it.

Anyway, for all the people asking for hints, everything needed has been said in this topic.

I’ve just rooted the box and I am a bit confused. Most of the people found the rooting hard-ish and I actually found it even a bit easy (for sure way easier than user flag). I am wondering if I rooted the box in the right way or in an unintended way, could anyone send me a PM to discuss the rooting? Thanks!

@0xd1360b said:
I’ve just rooted the box and I am a bit confused. Most of the people found the rooting hard-ish and I actually found it even a bit easy (for sure way easier than user flag). I am wondering if I rooted the box in the right way or in an unintended way, could anyone send me a PM to discuss the rooting? Thanks!

Yeah PM me, I’m curious how you did it

It was kind of nice to have something discovered so early be so important so late. That was tough, but I’m glad I did it.

Just FYI the poison hint is only for tunneling…

I had to use proxychains to get it to work on mine

Ah sorry I must’ve misunderstood where you were at. The proxychains ssh port forward was used on my own box to open up access to a certain service accessible via local web browser. Not sure if the proxy part is actually required, but it worked for me.

Errr…I’m feeling a bit surprised about the location of the user flag. I was plotting my next step in what I believed to be a much longer game when I sort of stumbled on it.

Regardless, nice box and which taught me a thing or two about a particular method of digging deeper. Thanks!

Spoiler Removed - egre55

Neat box. As a general hint, the admin of these machines has a TERRIBLE memory and writes everything down.

Also, you can do the entire maneuver using resources on the boxes. You can tunnel if you want to but there are ways around it. For root, check out the logs to give you an idea of the trick to use to get SSH into doing something it doesn’t normally.

There are approximately six concepts to understand for this machine, making it more complex than most machines.

Got user flag, fight for root flag, need nudge

Been going at this box for 24 hrs now , I’ve “vaulted” over the first hurdle , broke out of Jail and “tunneled” my way to the host on the other side. I’ve tried LFI / RFI and even considered “shocking” the other reachable host but the tool that can do that is just a dummy …

I’m probably going to kick myself at some point but would really appreciate some help with this one …

Don’t shock anything lol. PM me and I’ll see if I can help out.

I might need a little help for priv esc
Edit: gotcha

Already in vault machine, need hint to decrypt PG* file

Is Vault meant to be unreachable ? I’ve managed to determine 2 open ports on it but can’t ‘initiate’ a connection to them