Redcross

Cool box. I like that there’s multiple options. The “easy” way still wasn’t easy for me, it was definitely the first time I did anything like that, but it was relatively realistic and had good, logical progression between steps, so it was fun (although frustrating at times).

If anyone escaped the jail, could you PM me? I’m still looking for a way to do that but I haven’t found one yet. Thanks to @ompamo for the box, and @opt1kz, @LegendarySpork, and anyone else who helped me, I couldn’t have done it without your guidance and sanity checks.

Holy smokes. That…was…NICE! Felt like a realistic CTF. Perfect blend!

Note: Box is a little wonky sometimes though. Don’t hesitate to retry your exploits before moving on to something else.

When binary exploitation is too hard, just give yourself root.

Did the binary exploit was super fun and good practice. Great box

I’m very stuck for days in the ad**n panel (I already got the way to “log as” that user), try a lot of things, each of them more esoteric than the others… But I don’t realize how to advance to next step…

Is someone able to give me a nudge? Thanks in advance !

Done. rooted first. lots of hoping around and some goofy ■■■ ■■■■. Special thanks too @rotarydrone . My advise would be the same as I have seen prior. figure out how this thing works.

rooted. took a break from the direct root route and went for user first. this is a great example of some of the lessons you learn from oscp. don’t just attack the first thing you see, and know when to move on to something else. yeah, it might be a longer route, but it might also be easier.

Could anyone nudge me as to how to find the second login page i have the first one and i have done enumeration but not able to find the second one.

That was fun…once I had finally gotten RCE things went quite rapidly, one breadcrumb at a time. I’ve taken the non-BOF route now, but I’m keen to give that a try too.

If anyone needs a nudge in the right direction, feel free to PM me.

went the non-BOF route as well, and just got root. That was a good challenge!

Rooted, a very well made box, felt very realistic throughout the whole way.
My review for this box is that althought not being techically difficult it required some critical thinking in order to get it done, it wasn’t hard when you realize what you have to do. I spend many hours doing stupid things and the answer was in front of me all this time but finally i got there with a little bit of help, thanks @dualfade.

I read there are multiple ways to get root (apart from the binary) but i managed to do only one, i’m interested to know how others did it although having an idea i would like to discuss it further.

These are the kind of boxes we need it had a nice touch of realism and critical thinking :wink:
Now i understand the creators need to spend some time creating machines like these but i would rather spend my time solving something that i would face in a pentest scenario rather than decoding some god forsaken esolang (is that what they’re called?) “Frolic” im looking at you, i was cringy throughout the first part.

Someone can give me a hint on priv escalation? I’ve got a reverse shell with user pe****pe, but I can’t find a proper way to escalate to root. I’ve only found a certain binary but I don’t want to play with Bof and ASLR.

@veterano said:
Someone can give me a hint on priv escalation? I’m got a reverse shell with user pe****pe, but I can’t find a proper way to escalate to root. I’ve only found a certain binary but I don’t want to play Bof and ASLR.

Now that you have access, do some enumeration. Look around at things.
Thats Cool you got that user… I never ended up getting access to that user in particular. Must be multiple routes to make this work lol.

I did the enumeration, but I’m running out of ideas. Is the /usr/bin/python2.7 /root/bin/red*****.py usefull for anything?

I’m currently pretty stuck in the limited shell and have only one way to go: the .c file but I am unsure how to proceed, anyone willing to help me out here?

Rooted without touching the binary :slight_smile:

Rooted here too. This was a hard one, maybe because there are so many paths that you better look for more options before you keep struggling against the same wall for hours. I think that is the key to this box. You need to understand ALL about how this server works. I learned a lot :slight_smile:

@0xd1360b said:
Rooted here too. This was a hard one, maybe because there are so many paths that you better look for more options before you keep struggling against the same wall for hours. I think that is the key to this box. You need to understand ALL about how this server works. I learned a lot :slight_smile:

Same here. Just rooted it without the “intended” method. There was a lot to absorb with this machine and a lot of little things to watch for. I can’t say I had fun with this one, but I learned a few things.

Rooted. This Box was really awesome. Many different ways to get in and to root :).
If anyone needs help feel free to PM me.

I’m completely stuck on the admin panel for now. Could anyone give me a nudge ?