Vault

Nice host, it was fun.
The only what I’m wondering about the purpose of restricted shell by the end.

Type your comment> @janewilde said:

It’s never too early to start discussing a new box!
Still enumerating, only found one 403 page :slight_smile:

did you get it ?

rooted: Finally came home… thank you all that helped me… you know who you are

I like this Box. Found a lot of ways to upload my code, but until now no way to get it executed. I can just open and read my code. Or it is going to be interpreted as a picture by the browser. Still dont know how to avoid that.
I will continue learning about bypasses. Already taught me a lot :slight_smile:
Thanks for such a nice Box!

getting shell and D*** user is easy as ■■■■ once you found the directory…took me less than 1 min to get into the ssh…but i guess from now on i’m gonna suffer…

Can someone give me a small nudge? Do I need to enumerate 2 .php files in /s*******s ? I am not able to guess correct username/password and second file is just echoing error? Or am in wrong direction?

i am stuck with ovpn config …I tried to put some config and get a reverse shell in first machine using nc pointing to the correct interface …Can anyone help ?

thanks

Atlast got the root flag …
Happy to help …pm me

I’ve gotten the user.txt flag and I think I found what most are talking about in the log file but I can’t seem to get much to work from it. I’ve got Vault’s IP and it seem to only like a certain port. Not completely sure how to get this working.

Edit: finally got into Vault. Now I’m stuck with the g** file.

Edit: Rooted. Wow !

stuck at D** to V**** part, got all(?) the info(history lesson,123), I think I understand the main idea but don’t know how to do that.
Can anyone help?

rooted couple of days ago, was an interesting box for me, I recommend it for folks preparing for OSCP.

If someone could PM me with a hint on the move from D** to V**** it’d be much appreciated. I cannot seem to find the log file that people here are talking about and I feel like I’m missing something obvious

Hi all,

Am stuck. I’ve managed to login to D*** and now trying to pivot. I’ve setup tunneling and now trying to get callback from o*** but nothing I do seems to work. Also I’ve tried to login to V** service but no luck.

Can someone please give me a tip ? I’ve read through this topic twice :frowning:

Cheers!

Got user and root today, amazing box for learning how to pivot. Had me doing lots of googling but all worth it. Learnt a lot :slight_smile: I liked the touch of GPG :stuck_out_tongue: Made you practice exfiltration

Type your comment> @sk41 said:

Thanks @clmtn for the help! I am on the right track, but it seems that the website functionality to update the *.**pn file is not working properly (on eu-free)…frustrating.

Hi,
that Comment made me thinking… I am on EU-VIP-15, but am stuck at the *.**pn part. I made a “dynamic” Tunnel, to access the thing where i can play with the *.**pn file. But “Update file” always hangs.
Is it a problem i need to solve myself or is that supposed to work and just broken? Please help!

Well… got a connection and the userflag. But not sure if it was the intended way. Can i PM someone about that?

Type your comment> @Timuuh said:

Type your comment> @sk41 said:

Thanks @clmtn for the help! I am on the right track, but it seems that the website functionality to update the *.**pn file is not working properly (on eu-free)…frustrating.

Hi,
that Comment made me thinking… I am on EU-VIP-15, but am stuck at the *.**pn part. I made a “dynamic” Tunnel, to access the thing where i can play with the *.**pn file. But “Update file” always hangs.
Is it a problem i need to solve myself or is that supposed to work and just broken? Please help!

After several resets on the machine, so the function is supposed to work and just broken.
But I saw you got the connection, and userflag. Congratz! :slight_smile:

I wouldn’t mind comparing some notes with other people who have finished this box. What tools do you use for pivots? I personally can’t stand the SSH syntax!

hey folks,
can someone give me a hint how to do a file tranfser from v***? I’m pretty shure I have everything to get root flag but I’m going crazy on how to transfer the key.

if anybody needs help up to this point feel free to ask.

Very challenging box! Very real life. Reminds me of good old OSCP. Thanks to @sk41 and @RyanW18 for helping me on the very last step. Me brainfarting it.