to me that box is not real-life it is a ctf…dont get the web chart
IMHO every box contains CTF elements, some over do it, some just try to minimize them as much as they can to represent real case scenario. But at the end of the day all boxes at least the active ones the creators are mixing things together to make it more challenging, but what they SHOULD do is find a good balance between the two.
I solved it. If anybody wants any hints, PM me. I won’t spoil the fun for you.
Btw, this box is not CTF like. I didn’t have to guess for stuff. The only painful thing was the certs because openssl cmd is a disaster.
find me a website where you can generate a key
Let me preface this by saying that I don’t want to start a flamewar. It seems that you got User on the box so I can respond without spoiling it for the others.
That functionality that you leveraged to solve the TLS issue is an RFC for a bit more than a decade and it has been in discussions for almost two decades. This feature has been a freaking pain in the ■■■ for users to handle but lately we “”“DevOps”“” so users don’t see it. It’s a feature widely used in Fortune and Tech companies and generally big corporations (maybe for the past 2-3 years?).
Even the way it’s tied with the next step, is stuff that happens (or some variation of this). All of the above tipped me off and this is why I’m saying it doesn’t look like a CTF.
This is a flow that exists and variations of it will come up more often inside corporate networks because it’s an easy and convenient way for developers, users, infrastructure engineers and god knows who else to do stuff without having extra overhead.
got root root is tricky and reading code and backtracing is required. I don’t have much coding experience so got some hiccups.
PM for hints. That’s awesome box anyway. Leant lot of new things.
Getting user was pretty awesome. I can’t say the same for root. IMHO, I thought it was a pretty lame find. It only made sense when I finally got it. I can only blame myself for not seeing the obvious.