Chaos

@xterm said:
Guys I found the encryted file and the encryptor, But I really dont know how to decrypt.

Please give me some hints

You can also use the ‘default command line tool for all things crypto’. It has some issues with the beginning of the file but I did not bother to sort them out. The actual content is decrypted correctly using a single command.

Using the scripting language is the ‘right’ solution I guess, but I was curious if I could quickly get it to work using the other tool.

no idea where ze creds either :confused:

Guys if someone managed to decrypt the file PM i am stuck i wrote the decryptor and tried the password that came along with the file but i am still stuck

So if someone could PM me about the rb*** of user ay***. It is not working as it is expected to work by the creator of the box: I can use it freely, no restrictions.

I’d be happy to know how I escaped that feature without even trying :joy:. Thanks!

so i got shell as ww***** but i can’t seem to go any further in the system. did i get shell incorrectly or just need to enumerate more from this foothold?

Okay into user.txt, this box does not seems like a easy one, at least for me and for the other noobs out there! Anyway If any help needed you can pm me “BUT FIRST SAY WHAT YOU HAVE DONE” :slight_smile:

Okay!!!This box was more fun than i anticipated! Priv esc was quite nice :smiley:

Hey guys, please could someone drop me a hint on the decryption? In all honesty… i have no idea!

That was a very cool box. I really didn’t like the password guess work in the beginning but as a whole this is a very well done machine. Not sure why others are saying diff. Just my 2 cents.

The RCE type was new for me; Really dug that.
Root; Was… Definitely very cool. At least I thought so.

hi guys, any ideas to scape rbash?

Finally rooted.

User: It will Chaos you. Make sure you gobust everything instead sticking to domains and identify the open source thing. From there everything straightforward which involved multi steps like decryption, later injection, shell escape and user. Not much realistic :frowning:

Root: Once you got user you can see it infront of your nose. Then think how you use lazy feature in browser to see it.

This box is… frustrating to say the least. I decrypted the thing, but what am I supposed to do with p** c***** s******? The URL seems like a troll… any hints in PM would be appreciated as I’m fresh out of magic to solve this mystery…

Edit: nevermind, was having DNS issues

@IteXss said:
hi guys, any ideas to scape rbash?

Hi All, were do we get the elusive password? I did dirb and obtained a w**dp**** site. enumerated further and obtain a l**** screen. I am stumped by Chaos. Please PM me or any advice please!!!

I found this box pretty interesting even though it’s really CTF-like. Anyway, it’s a good opportunity to learn a few tricks! Thanks to @sahay for this box :slight_smile:

Anyone got tips? Found the w* site on the IP url. Also found the w****n panel but cannot find credentials anywhere

I kinda like this box. I appreciate the effort put into creating the box. Thanks @sahay :+1: for you!

So I found creds but can’t find w**l anywhere. Tried logging into m using telnet etc but nothing seems to work

@RyanW18 said:
So I found creds but can’t find w**l anywhere. Tried logging into m using telnet etc but nothing seems to work

try to use something which just not brute force dirs, but the other thins in URL

i got root and user!