Curling

@ronak360 said:
Can some one help me with pa******_ba**** file I know it is bz*** I used xxd -r to convert to original bz*** but unable to decompress it as it’s show corrupted

Pls PM me any help will be appreciated

same here…

got root thanks for comments! :wink:

My thoughts on Curling. Some people said this was too easy while others said it was hard. My thoughts are there are a few things in the beginning that make this machine super frustrating but overall this wasn’t a difficult box.

Foothold
Yes its what you think it is. “May the source be with you”
After you find the thing that data is in the BASEment, floor 64 (this was the most frustrating part for me because this wasn’t indicated anywhere)
Read ALL the blog articles
login and understand where you are. Some googling should point you in the right direction for a shell.

User
This one was fun. I hope this isn’t a spoiler but this article helped me a lot (google bandit-level-12)

Root
Once on the box look around. You don’t need to look real far to see whats going on. cat everything and once you see whats happening you should know what to do.

PM me if stuck

same boat - got user flag got root flag, but unsure how everyone is getting/turning it into a root shell - would appreciate a PM - thx

Total newbie, first attempt at anything like this.

I’ve got so far as logging into backend and have managed to get a shell uploaded, I can see files in the home directory but cant view the content of the files from web browser shell.

Any tips would be appreciated.

Heyo guys. I’m kinda stuck here. I was able to login to the Control Panel on the website. but I kinda don’t know what to look for here. I tried uploading a PHP shell but whenever I try to access the file I get

10.10.10.150 is currently unable to handle this request.
HTTP ERROR 500

Am I going in the right direction? If you have the time to help me out, I’d love the help c_c

Edit:
Thanks to @CaptainKeyes I was able to surpass my mistake and own user! My many thanks :3

Now the fight continues to get root, Idk how the ■■■■ I’m gonna do it tho

aight, got both flags, tho the root shell is not necessary but love to know how ppl got it.

I’m Usopp, the brave warrior of the sea.

yea…if anyone can shed some light on how they established a root shell? (not just reading root.txt) - PM plez :slight_smile:

Got reverse shell, now on box as www-data. Any tips on privesc to allow me to read txt files?

Hello,
I’m currently stuck on the root flag, I got the user one and checked the files inside the a****_a*** folder and I’m pretty sure what those are about but I can’t seem to find what to do with c***. Can anyone give me a hint towards what to do please?

Hi,

Pretty stuck at the moment on the root flag, got user. Found the a***_a*** folder, i know i have to do something with the i*** but cant find what to do with the c***. Can someone give me a hint?

Same here. Stuck at the root flag. Saw those two files. Not sure how to use them to get the root or root.txt. Any hints appreciated. Thanks.

(2) Did it in 4 days

Rooted and done!

While yes not the most difficult box it still had things in it that I didn’t know too well and benefited from going through so my notes are improved and my confidence got a boost.

Thanks to @L4mpje because I really enjoyed it

Got the root.txt. Not the root shell. Anyway thanks guys.

Got user quite easily…root.txt tooked a bit longer but I was “distracted” by that file in a…a…

Can anyone please help me in getting reverse shell? I tried different methods in uploading the php shell but to no avail… I have read all the comments and some people prefer to use other methods like code execution(?! if i’m right) in admin panel. Any nudge would be really highly appreciated. Thanks!!

ive gotten everything up to the priv esc without much trouble but i just cant seem to get out of my own way now. ive read through the source of everything just about and ive run a monitor script to check the ps. im pretty sure i understand whats happening, but i just dont see how i can make this work to my advantage. any hints would be very much welcomed and appreciated.

Anyone willing to answer a question about this box (In private so I don’t have to put out any spoilers?)

got user.txt but struggling with root.txt, can someone PM me ?

thx