Chaos

@mpoitsos said:
I cannot find something inside the mail servers(seems empty), neither i can connect to the web portal with those creds… :frowning: . what am i missing?

f you are sitting on your computer writing an email to your friend and suddenly you accidentally close your browser, where do you think it is possible to see what you were writing again? :slight_smile:

@samsepi0l said:

@mpoitsos said:
I cannot find something inside the mail servers(seems empty), neither i can connect to the web portal with those creds… :frowning: . what am i missing?

f you are sitting on your computer writing an email to your friend and suddenly you accidentally close your browser, where do you think it is possible to see what you were writing again? :slight_smile:

really nice hint.

Cant figure out where tf to find the wil. Found the win, and the creds to the wil, but no w*il.

@r3no said:
I have a feeling that this will be another frolic!

I have a feeling you’re not wrong

@morph3 said:
Another shitty box from sahay. Initial foothold was something imaginary , if you stuck you at the beginning you have to pray and wait for the light to come and save you because it was complete nonsense . After going through much more imaginary things and guessings, managed to get a low priv shell but the pain didn’t finished at all because you have to run from something with again much more guessings. This box is complete pain in the ■■■ and nonse. Waste of time.

I thought you were exaggerating at first, but holy ■■■■…

Everyone is rating root as very easy, what obvious thing did i miss? Got an easy user, but stuck on priv esc for a while …

Cant find anything useful in ml, maybe the rc_s***s? I really don’t know what basic step i missed…

Hint for user initial: Its right there. Literally. Dont be like me and search up and high everywhere.

Hint for user: Evolve to the machines needs. If you are stuck on w*****l, its not really something that should give you a brainfuck.

@legerdemain said:
Cant figure out where tf to find the wil. Found the win, and the creds to the wil, but no w*il.

where are these creds!?

I have user.txt!

It’s a fun machine, like Frolic you have to use a little creativity

Initial Foothold:
Enumerate as always with Nmap and Gobuster, when you get to the initial question do not start using complex things, the answer is in front of you, for those who are stuck in w*****l, I advise my previous track in this thread, look well that is the way, after this only use Google and Python.

If you can decode “that” then … In the next part I had a little problem, and I did not see what I decoded, as you always have to read what you have in front of your eyes, you will go to another paradigm, a T****** p** m****, use Google is not so complex to do the most fun in this part

User:
It’s quite simple, if you already have something that you got in the foothold, try using it on the machine again maybe it will work

Looking for the root :bleep_bloop:

Stuck on root as well. I’m assuming it’s more #GuessTheBox CTF ■■■■. sigh

Lol no, what you need is right there in front of your nose. Don’t you think it’s weird that there’s some data but the program that supposedly uses it isn’t even installed?

The shitty hints are not helping. I have been scanning port 80, every NSE script, PCAPs, Burp, what a stupid box.

@fjv said:
Lol no, what you need is right there in front of your nose. Don’t you think it’s weird that there’s some data but the program that supposedly uses it isn’t even installed?

I just got it and no, that pretty much qualified as a perfect example of what I was talking about. That was a really decent hint, though, so thanks for that.

Could someone please help me out on what to do when you get to the page with the long ■■■ name? I saw the script, but I don’t know how tf to interact with it.

@legerdemain said:
Could someone please help me out on what to do when you get to the page with the long ■■■ name? I saw the script, but I don’t know how tf to interact with it.

You can PM me

@samsepi0l

It’s a fun machine, like Frolic …
y tho…

To be honest , I’m mainly here for the learning experience and look for real life world challenges. I find that boxes that try to be entertaining and be more of a puzzle / Easter egg hunt frustrate me . I appreciate the creator’s efforts but just putting in my 2 cents .

So far, all the steps were completely CTF-Like.

Tip for everyone: Give up trying to find a “realistic” way to go. There is not. lol

The machine is very CTF…
I would prefer machines that actually test our pen-testing abilities…

rooted.
This machine just got my dislike.
The initial entry is CTF like.

The actual www-data & user is nice and the bypass is also nice.

The root was stupid for obvious reasons.

I can’t found the credentials, is too obvious ? because i am reading all things line per line but i don’t see anything yet.

I’m stuck trying to force a round object into a cube shaped one I think. lol. still can’t log in :lol: