Chaos

So if someone could PM me about the rb*** of user ay***. It is not working as it is expected to work by the creator of the box: I can use it freely, no restrictions.

I’d be happy to know how I escaped that feature without even trying :joy:. Thanks!

So I got shell as ww***** but I can’t seem to go any further in the system. Did I get shell incorrectly or just need to enumerate more from this foothold?

Okay, into user.txt. This box does not seem like an easy one, at least for me and for the other noobs out there! Anyway, if any help is needed you can PM me “BUT FIRST SAY WHAT YOU HAVE DONE” :slight_smile:

Okay!!! This box was more fun than I anticipated! Priv esc was quite nice :smiley:

Hey guys, please could someone drop me a hint on the decryption? In all honesty… I have no idea!

That was a very cool box. I really didn’t like the password guess work in the beginning but as a whole this is a very well done machine. Not sure why others are saying diff. Just my 2 cents.

The RCE type was new for me; Really dug that.
Root; Was… Definitely very cool. At least I thought so.

Hi guys, any ideas to escape rbash?

Finally rooted.

User: It will Chaos you. Make sure you gobust everything instead of sticking to domains, and identify the open source thing. From there everything is straightforward, involving multiple steps like decryption, later injection, shell escape and user. Not very realistic :frowning:

Root: Once you've got user you can see it in front of your nose. Then think how you use the lazy feature in the browser to see it.

This box is… frustrating to say the least. I decrypted the thing, but what am I supposed to do with p** c***** s******? The URL seems like a troll… any hints in PM would be appreciated as I’m fresh out of magic to solve this mystery…

Edit: never mind, was having DNS issues

@IteXss said:
Hi guys, any ideas to escape rbash?

Hi all, where do we get the elusive password? I did dirb and obtained a w**dp**** site. Enumerated further and obtained a l**** screen. I am stumped by Chaos. Please PM me, or any advice please!!!

I found this box pretty interesting even though it’s really CTF-like. Anyway, it’s a good opportunity to learn a few tricks! Thanks to @sahay for this box :slight_smile:

Anyone got tips? Found the w* site on the IP url. Also found the w****n panel but cannot find credentials anywhere

I kinda like this box. I appreciate the effort put into creating the box. Thanks @sahay :+1: for you!

So I found creds but can’t find w**l anywhere. Tried logging into m using telnet etc but nothing seems to work

@RyanW18 said:
So I found creds but can’t find w**l anywhere. Tried logging into m using telnet etc but nothing seems to work

Try to use something which does not just brute force dirs, but the other things in the URL

I got root and user!

@xterm said:

@RyanW18 said:
So I found creds but can’t find w**l anywhere. Tried logging into m using telnet etc but nothing seems to work

Try to use something which does not just brute force dirs, but the other things in the URL

Or try another well known protocol for accessing this stuff :wink:

Hi guys,

So I just decrypted the files and succeeded in getting RCE on the decrypted files, so I got a reverse shell already but as w**-d***.
Now I'm working to find user / root.

Am I on the right path if I'm interested in we**in?

@dualfade said:
That was a very cool box. I really didn’t like the password guess work in the beginning but as a whole this is a very well done machine.

You don’t have to guess it, you can run an enumeration module that will find it very quickly (which I guess is just automated guessing, but still).