Carrier

I think one of the biggest challenges with this box is actually understanding what you need to do and having a game plan. This is one you can’t just bash out with google without understanding what you are doing.

I’ve had people reach out to me with some very strange ideas based on tips they’ve received but actually have no understanding of what it is they are doing. This machine really needs you to understand the basic concepts that you can build up on to things you may not know.

A game plan will help you build a high level plan on what you are trying to accomplish , the steps you will go through and then work out what you need to learn to bridge the gap of your current skill set to make that game plan achievable.

Man this machine was crazy … the attack itself was easy to understand but required a lot of detailing in order to execute … aaaah !!! finally rooted it … Thanks to all those who helped me @quas @noahcain and @s4rgey … and also for not spoiling the fun all the way through

I’ve just discovered the meaning of secretdata.txt.

Tnks to @ferreirasc for helping me on my first lab, and kudos++ to @snowscan for creating a such great challenge.

Hack N’ Roll \m/

was able to get into web app and see where i need to do RCE with compressed value but cant figure out why code isnt running when i replace value any tips?

I just rooted the box! Kudos to @Draco123 for his amazing help!
Any hints on what secretdata.txt is ? :open_mouth:

Finally got the root.
Got the user 2 months back. But it took 2 months for root.
Thanks @3therk1ll buddy. Without your help I may not understand the underneath concept or made it to root.
Thanks @Puru and @dropdown We had a great private discussions about this machine. That’s a nice technical stuff.

Last but not the least thanks @snowscan for this wonderful machine. Learnt a lot in the network :slight_smile:

@maycon said:
I’ve just discovered the meaning of secretdata.txt.

I never worked out what that was for. Any chance of a PM to give me a hint (or a spoiler :smile: )

Stuck at Dia****** page. Don’t really know how to inject a reverse shell there. Can somebody help me ?

@kreskin I’m in the same boat I can change the ch*** variable to navigate through files but can’t execute code, any pm would be greatly appreciated

This machine is driving me crazy. Now tcpdump seems to only give me 74 bytes of packet data even though it says “capture size 262144 bytes” :anguished:

Finally rooted it :slight_smile:

Awesome box, and a complete change from most other challenges! All the hints for what needs to be done are called out within the application. Looks like their fixes aren’t correct! You need to expand on it a little bit and pretend to be a certain service :slight_smile:

As everyone has said, understand the type of machine you’re on, the primary services, and how they’re implemented in this environment. This is a practical attack and can happen both accidentally and intentionally.

Found the 2 docs but cannot login. Cant find any chesis number,

any hint?

I’ve yet to even get a shell on the machine.

I’ve found the non-tcp port everyone has posted about on this thread, and I’ve enumerated it with every script I can find. None of them return any results whatsoever. If somebody could PM me for help with the scripts I’d appreciate it.

Having problem with privsec, can someone sheds me some light for the b*** h*****? Need some help with v****. PM please.

I am stuck with user. I am playing with the check value but I find nothing interesting. I need a hint please

HOLY ■■■■ I’m so glad I rooted this box. I may have gone about rooting it in an unconventional way but I figured out the basic gist of it and managed to get it. Took me about 4 days but I figured it out. I learned quite a lot about a protocol I didn’t have much experience in in the first place. Still though, I can’t wait to see the writeups on this box after it gets retired so I can see how I managed to do it versus everyone else.

Initial foothold was straightforward, par for the course if you’re used to a lot of CtF scenarios. But the privesc…man. Good challenge!

I got user. Thank you all

Can someone help with the payload used for ch*** parameter? Im using b**p to intercept. Then use an encoded payload with netcat listening to the port but cant get it to work. Can i please get some help? PM or here. Thanks

Hi All, as Deus9 posted I am sitting in the same boat. Can someone please assist here I am banging my head against the wall. Please PM me