Teacher

@Ruri said:
My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.

Spoiler Removed - egre55

Spoiler Removed - egre55

I’ll grant you that the rest of the box was much more interesting, after I completed it. I was just very frustrated with the initial portion.

@Ruri said:

@kindred said:

@Ruri said:
My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.

The only CTF-y part is the initial text file playing as an image file. Everything else is pretty interesting, and the RCE in particular was pretty difficult to get right.

I’ll grant you that the rest of the box was much more interesting, after I completed it. I was just very frustrated with the initial portion.

Yeah, I found it pretty quickly by accident so I didn’t mind it too much, but I had the exact feeling you have for this box with Frolic: just pointless, CTF-y nonsense imo.

I’m trying to be an evil teacher but can’t get the reverse shell. Someone plz PM me. Thanks!!

Hey,
I did the same as the vid but it doesn’t work… Any PM for me?

Anyone able to pm me? I’ve found the way I think to get root, but need help on the exact syntax

A Hint for the people with the initial shell but without the user flag:
To get the flag you need access and a leet idea (or is it spelled id?).

Any hints for getting root?

Guys, how do we find the last char of the pass? I created a script and guessed all chars, but it still didn’t work. Help me.

@ZeusBot said:
Guys, how do we find the last char of the pass? I created a script and guessed all chars, but it still didn’t work. Help me.

Did you try all the letters, capital case and lower case, and symbols? Did you check if the login is correct? (Capital or lower case)

Guys, can you tell me how to find a password g* in shell? I was devil and I grabbed the shell. I’m stuck in there.

Feel free to PM me if you’re running into issues.

I’m lost on the priv esc to root. I thought the issue was going to be something “wild” with the “extraction” or something down the wrong binary “path”, but I cannot get either of those two attack vectors to work correctly. I also cannot locate the “script” that is actually doing any of this, so my attempts are blind. Where did I go wrong?

EDIT: Got it. Thanks @DaChef’s comment pointed me in the right direction. If you cannot get wild, maybe you can have it look someplace else.

Rooted :)

Initial Foothold:

As some people say in this thread it is necessary to search the Login Page, but it is not necessary to use Hydra or Bruteforce for the password, what you are looking for is in the Blackhat HS…

User:
Actually I could not with the initial flag, but maybe it could be trying, trying and trying …? Or maybe you have to search for “something” on the server that allows me to be G ** (any hint?)

Root
I saw this escalation method on another machine, it’s all about looking for an unusual file on the server, using a privilege escalation enumeration script and you’ll notice something strange

@samsepi0l said:
Rooted :)

Initial Foothold:

As some people say in this thread it is necessary to search the Login Page, but it is not necessary to use Hydra or Bruteforce for the password, what you are looking for is in the Blackhat HS…

User:
Actually I could not with the initial flag, but maybe it could be trying, trying and trying …? Or maybe you have to search for “something” on the server that allows me to be G ** (any hint?)

Root
I saw this escalation method on another machine, it’s all about looking for an unusual file on the server, using a privilege escalation enumeration script and you’ll notice something strange

This has been the best hint so far imo. Thanks.

The initial foothold and getting user eat most of the time. Getting user has more struggle than root. Also, with all the resets on the free server, maintaining shell was tough.

Overall, okay-ish machine. Well, in the end, learned something new. PM for hints if needed.

It took me quite a while to finish this box, mostly because I got very fed up with constant resets and having to go through all steps to get a shell again… Even on VIP, this kinda ruined the fun for me.

The initial steps of the box aren’t that realistic, but overall it’s still pretty kinda educational as it touches several techniques and there are different ways of getting root.

For foothold & user: make sure you enum the website properly. The site isn’t actually big and what you’re looking for stands out a lot, so this really shouldn’t be an issue. Then, use the hint that has been given earlier regarding ‘being evil’. Then, continue enumerating.
For root: There is something going on in your home folder (which is pretty easy to find as your home folder isn’t so big). Find out what’s triggering it, go through it properly and think of ways to exploit it.

Thanks to @Center for some hints!

I’m trying to be evil, but I can’t seem to get it right. If anyone’s able to lend a hand via PM, it would be appreciated.

Anyone care to answer a question about initial foothold? I’m 99.9% sure I know where I’m supposed to be looking but it won’t work… I have reset the box also.

@hray & @iCk read the POC and understand it. Then just try getting RCE in various ways. Always start with the command PING IP since it has no special characters and you can confirm you have RCE with it (tcpdump for ping on your local host). Once you get ping to work, you know you have RCE and can work on a shell from there. I’m not 100% sure, but I think if you do ping without -c 1 it hangs the server, so better to add that just in case, so you don’t have to revert. I also believe the webshells spawned hang the server as well, resulting in all the reverts.