Man, this was the coolest box. What a great learning experience. Thanks to everyone who provided vital help.
The difficulty of this box is surely deceptive and should be rated high as key concepts of some technologies need to be researched in some depth to achieve root.
I feel so much smarter after solving this box. Cheers.
Hey guys, user was pretty easy but I’m banging my head over the keyboard for over a week trying to get root. I understand the big picture of b** and how announcing a sub-prefix of that network that was mentioned in the tickets would return some readable data via t*****p about a known protocol.
I would be more than happy if someone could help me figure out what’s my next step after announcing that sub-prefix.
Thanks!
Edit: rooted, big shoutout to @Izzet for helping me out!
Learned a lot during this run.
Hey guys, I got admin credentials I logged in with. Now I am suspecting I have to do some work with quagga. Think I am on the right track? Not too familiar with this; can anyone PM me with some help? Or at least some good resources?
I am so damned stumped on this privesc. I’ve found how to change the b** configuration, I’ve got a topology, but I’m not sure where to go from here. Can someone PM me a nudge or three?
Edit: Rooted. I was so close for so long, turned out my B** game was fine, and it was something simpler than that the whole time…
I have injected commands via RCE, so I have the user.txt flag, but still haven’t managed to get a reverse shell. Can someone point me in the right direction? I have spent 7 days on this.
I managed to get into the admin panel, does getting the user account have anything to do with the guy who was recently terminated? Or does it have to do with the wolf guy who reported the security issue?
Edit: Oh wait, I think it’s the extinct animal from South Africa?
@MrB00tz said:
I can not get burp to send anything worthwhile to the server, is there someone who can PM me if they can assist. Been at this almost all day. Thanks
@MrB00tz said:
I managed to get into the admin panel, does getting the user account have anything to do with the guy who was recently terminated? Or does it have to do with the wolf guy who reported the security issue?
Edit: Oh wait, I think it’s the extinct animal from South Africa?
I’ve seen people discussing that guy in this forum. But for getting user flag, I don’t think we need him lol. Getting user is pretty straightforward.
Just managed to get the user.txt. I am having fun just messing with this part of the box. It forces you to use Burp’s other features than just the proxy. I have not moved on to the root.txt yet, but if you want some pointers on the user, PM me and I will be glad to guide you.
@MrB00tz said:
I can not get burp to send anything worthwhile to the server, is there someone who can PM me if they can assist. Been at this almost all day. Thanks
Getting to user was pretty straightforward, I think.
However, I am stuck with the PrivEsc part. I found the respective service, used vth to change stuff. T***p does not yield any results on any interface whatsoever.