Curling

need a tip or a push in the right direction with getting or seeing user. I can see the .txt location just don’t know how to view. the commands I’ve used doesn’t work. i may also be overthinking it.

Right so I’m in the special an-a*s area, managed to get the user while on break at work, but maybe it’s my tired friday night brain, I cannot figure out what to put in THAT file to get it to output what I’d like. Anybody able to give me a hint? Thanks.

@Epictetus said:
Right so I’m in the special an-a*s area, managed to get the user while on break at work, but maybe it’s my tired friday night brain, I cannot figure out what to put in THAT file to get it to output what I’d like. Anybody able to give me a hint? Thanks.

If you can deduce what application is at work and the relationship between the files and what is going on around you, you should research that application’s syntax and take it from there. You know what you want and where to find it. So go get it and output it where you are allowed to.

So I got root.txt, took forever on the VIP server. Switched to free and the same method worked instantly. Go figure.

Thanks so much to @sec4rc and @jkr for the help. I guess I would have eventually gone insane if I hadn’t tried the free server.

well, i was able to see user.txt last night but after the resets im back at square 1. i think i was able to see it due to someone who already had an exploit running on the machine. the machine is getting restarted every few mins so not able to do anything to figure this out. first time trying to do this.

The hint is there in the box’s name. For the life of me, I couldn’t understand the sport though.

I got user and now I’m probably overthinking priv esc… Can somebody DM me with some hints?

Been through the whole thread, but still a little murky on privesc for root. I don’t want to say much for sake of potential spoilers for others.

I have user.txt already, have found the Area I need to be in for privesc, and am now trying to figure out how to use the necessary command and files together. I’m 99% sure I know what command I ultimately need to use and have been reading articles on it, but am having trouble finding info on how to properly do what I need to do with it here. If anyone’s got a few mins to nudge me in the right direction via PM, I’d super appreciate it.

@Fighter81 said:
It’s in the main page…just look close… :slight_smile:

I was with every one else. i tried everything I could but didn’t think of one thing until you said that. I had the right username just not correct haha.

Hi Guys, i have a low priv shell as www-data and have found the P_B file. I have got the file extension but tried ways to decompress it but it says it’s not that type of file. I have been through the over the wire bandit video but still unable to decompress it. Can anyone nudge me in the right direction? Ive been trying this for a day no. I got the shell within 30 mins and stuck on this.
Thanks in advance

Just managed to get user and root. Hints here helped immensely without giving it all away. Thanks guys.

However, could someone PM me hints about how to get root shell?

Can someone PM me with a hint to get a shell once I have the site login?

Been struggling for 2 days. I’m new with all of this and i know this box kind of easy for others. But i couldn’t even find a way to upload the shell. Been trying LFI but no luck (or maybe i did a wrong way).

How many votes or how long does it take to reset box? Someone defaced it and cant do anything now…

Edit: Fixed now but would still like to know how it works.

@Deus9 said:
How many votes or how long does it take to reset box? Someone defaced it and cant do anything now…

Edit: Fixed now but would still like to know how it works.

Usually when you request it on your server it takes two minutes. This gives someone time to do the /cancel command on it to stop it if they are still activly doing what they are doing. So if you are on the free servers there could be a good chance it gets canceled.

Plus I just defaced mine haha

Anyone that was able to get a root shell able to message me? With help I was able to get the root.txt, but I would like to learn how others are getting a root shell on the box to add to my knowledge.

Just took down this bad boi. Anyone need help pm me got root shell and everything.

For root → keep it simple, you know somethings are being saved to some files. U know a certain program is running who’s name is very similar to that of the box lol. Finally, you have everything you need in the home directory of the lower level user!

Good luck!

Nice challenge!

Can i please get some help with p***_b**** ? I know what file it is , **2. Tried a few things to open it or decrypt it with no luck… can someone pm me with a hint please? (i did go through all the hints provided on this site)

P.S PLEASE stop resetting the box every 5 mins! And stop defacing or adding upload forms to the main page… You can use a TINY command to get reverse shell, no need to upload files etc.

@Deus9 said:
Can i please get some help with p***_b**** ? I know what file it is , **2. Tried a few things to open it or decrypt it with no luck… can someone pm me with a hint please? (i did go through all the hints provided on this site)

P.S PLEASE stop resetting the box every 5 mins! And stop defacing or adding upload forms to the main page… You can use a TINY command to get reverse shell, no need to upload files etc.

Try running it through CyberChef (google it) - this helped me massively