Vault

Ah sorry I must’ve misunderstood where you were at. The proxychains ssh port forward was used on my own box to open up access to a certain service accessible via local web browser. Not sure if the proxy part is actually required, but it worked for me.

Errr…I’m feeling a bit surprised about the location of the user flag. I was plotting my next step in what I believed to be a much longer game when I sort of stumbled on it.

Regardless, nice box, which taught me a thing or two about a particular method of digging deeper. Thanks!

Spoiler Removed - egre55

Neat box. As a general hint, the admin of these machines has a TERRIBLE memory and writes everything down.

Also, you can do the entire maneuver using resources on the boxes. You can tunnel if you want to but there are ways around it. For root, check out the logs to give you an idea of the trick to use to get SSH into doing something it doesn’t normally.

There are approximately six concepts to understand for this machine, making it more complex than most machines.

Got user flag, fight for root flag, need nudge

Been going at this box for 24 hrs now, I’ve “vaulted” over the first hurdle, broke out of Jail and “tunneled” my way to the host on the other side. I’ve tried LFI / RFI and even considered “shocking” the other reachable host but the tool that can do that is just a dummy…

I’m probably going to kick myself at some point but would really appreciate some help with this one…

Don’t shock anything lol. PM me and I’ll see if I can help out.

I might need a little help for priv esc
Edit: gotcha

Already in vault machine, need hint to decrypt PG* file

Is Vault meant to be unreachable? I’ve managed to determine 2 open ports on it but can’t ‘initiate’ a connection to them

Rooted, /tiphat @Skunkfoot for the nudge

Got root.txt without getting into Vault (Even before user.txt). I don’t feel it is intended and maybe someone placed it there by mistake while doing the machine alongside me. Can I PM someone to discuss?

@flash said:
Got root.txt without getting into Vault (Even before user.txt). I don’t feel it is intended and maybe someone placed it there by mistake while doing the machine alongside me. Can I PM someone to discuss?

Yeah PM me, I’d definitely be interested to hear how you did it

I got the root.txt too by simple file decryption… seemed wrong… but hey… you don’t know what you’re gonna get when you start a box…

edit
bah… after a reset the file is no longer there so I profited from someone else’s hard work… oh well…

I don’t know what I am doing wrong… I can upload a certain file but it can’t get executed on the server as intended. I am not able to get a reverse connection… can anyone help me?
Edit: got it. Thanks to the forum people and all those who were kind to me.

Finally got the root flag after suffering. Thanks a lot to @Samsara @T3jv1l @tekcap, all of you are awesome

Any tunneling required after got the root of the D** server? May I have some hints of how to get into vault?

I did see some useful command (i.e. n*** ) in the log. However, no idea how to use it in order to get into vault.

Please give me some directions

Thx.

@TAPE said:
I got the root.txt too by simple file decryption… seemed wrong… but hey… you don’t know what you’re gonna get when you start a box…

edit
bah… after a reset the file is no longer there so I profited from someone else’s hard work… oh well…

You got jackpot dude, LoL

@sayyeah said:
Any tunneling required after got the root of the D** server? May I have some hints of how to get into vault?

I did see some useful command (i.e. n*** ) in the log. However, no idea how to use it in order to get into vault.

Please give me some directions

Thx.

+1

You need N*** because, if you don’t know where you are going, how are you going to get there? Suggest you look up the different applications for N*** and the different ways it can look for what you need given your current topology.