Frolic

Anybody know why this machine is so unstable ? every 5 minutes everything stops responding. Can’t progress efficiently on that machine because of that… :confused:

Oh My God . It was so sucks. I find id**s . I waste more time on Node-red . But I finally find plas on something else. now I can’t login. I try all I found the users and passwords.
need hint. Please PM me. thanks.

edit: login success.

misc challenge is very helpful for this machine.and I complete all misc challenge. so I quickly found cert. But I waste more time to find pl****s.I did a subdirectory scan。but I
Stupidly append path to subdirectory and I got 404. my god. I know I am in finally step to get user.but why I can’t login. ummmmmmmmm. Please PM me .

Can anyone help me with getting user? I have creds I just don’t know what to do with them.
Edit: I got user and root.

If someone else that got root would tell me their approach, I’d be interested.

Rooted!!! Interesting challenge, lot of learning from this box. If you need some hint to do this please PM me. Im glad to help as anyone that help me to solve it.

Got user

Whenever I try to u*p the file, it says "its not a archive. I have taken the base64 code and converted it to hex. After which I created a z file using vi hex mode and pasted the hex code obtained.

But its not working, can someone help? What am i doing wrong?

So I figured out what to do with the second weird strings and got a new one now… ughh stuck on this point. PM me please I need help :frowning:

Type your comment> @positivevibes said:

So I figured out what to do with the second weird strings and got a new one now…

Got me beat, I am still stuck on the second weird string! Could use some advice where to look to figure that one out,please!

need help in prevesc

someone can helpme?
i have one passw or i think this, but no have usr.
and no have more ideas.

Rooted! Very fun BOF exercise at the end too. Finally learned the basics of ROP haha. I’m really conflicted about this box since I didn’t enjoy the process to get user at all… but privesc was incredibly fun!

ok, decoded a bunch of strings to get an index file. But it wont open when I use Cyberchef, and the z.i.p says it has a password when I use another decoder// Very frustrating first box for me. Are all of them like this one?

Rooted. I don’t like those CTF-ish box.
I would not recomand this one to beginners on this website.
Rooted the BoF way, I am super curious to know other ways to root the box. Feel free to PM about that, I would be glad to read your way of rooting it.

Tips for the BoF :

ldd --version will be your friend (then → https://libc.blukat.me/ – scroll down)

If you are stuck, read WU about other standard ret2libc. You can PM me about that also.

Tips for user part :

Google for esoteric languages :wink:

Went from really annoying CTF challenges to pretty basic yet fun privesc.

So I found the baup/ dir and I see what looks to be breadcrumbs to a lp/ that says not authorized. Im trying to figure out how to dig into this but unsure what direction to move in! Any help would be fabs!

Where Oh Where to use these credentials.

Hello, I have idk*********s and enumerated the high http port but found nothing yet, I mean I found 4 dirs (one of them is loop) but found nowhere to use the pass. I’ve also found other service (brazilian dance) but doesn’t seem to be the way.
What am I missing?

I’ve also enumerated subdirs for every dir I’ve mentioned before. I’m stuck now, I’d appreciate any hint or nudge you can give me.
Thank you!

Oh! Almost forgot I also have a pair of creds, usr/pass, found in b****p dir but nowhere to use them.
I’m completely lost.

Edit: Done user! Thank you @clmtn

Hi guys, I have found the two pairs of credentials + the “idk” password.

Have enumerated directories as much as I could, using both Gobuster and Dirb, used different wordlists (for both directories, files) and still can’t find that login page for “ps" that everyone seems to find. I have found the "ps” directory but it just returns a 404 + I have tried to enumerate files and further directories from that one, with no success.

I keep running into those loop directories which are recursive up to a certain point, but I have a feeling that is just a rabbit hole.

Would appreciate a PM on which direction I should go :frowning:

I successfully logged-in p**YS*S.

Now how to get user? can’t able to determine p**YS*S version.

What type of shell I should here i.e bind or reverse.

what interface I need to use i.e eth0 or tun0.

I used metasploit but it starts reverse handler and then it shows “Exploit completed but no sessions was created”.

Please help