FluJab

145679

Comments

  • Finally rooted, not sure if in the intempted way... but rooted. Honestly I don't know how to feel about this box. It is indeed a lot of work and frustration and some things don't make any sense. I am afraid that I did not enjoyed this box very much.

    In any case, what I am sure is that 3mrgnc3 put a lot of work on it for us to enjoy and learn and I truly appreciate that.

    So overall THANK YOU 3mrgnc3 for all the effort you put on this box. It is certainly unique :D


    image
                         HTB Profile


  • So i have the nurse and have talked her finding a web page which previously I was able to access but now when i try to access the web page i get a denied response. I am at a loss on what to do? can someone offer me a hint this is probably one of the hardest boxes i have come across...

  • Finally rooted. Sometimes angry about the trolls but its a good box and I learned a lot.

    A lot of work from the creator to make the box not so CTF. Thanks to you @3mrgnc3.

    my hints :

    ### foothold
    As usual, enumeration is the key, as I say previously, if the clown is bothers you, tell him to stay at home. Be careful for browser issues, monitor traffic with burp, zap or firefox debug tools and understand what the HTTP talk mean.
    As say previously, the clown can guide you.

    When find the nurse, everything are say here.

    Next, follow the white rabbit, if you want c**** something, be careful about your tools.

    ### user
    Now, you got a little access, so my technique was to script my enum to avoid big manual and repetitive task, you will save time (network analysis will give you a way).
    You will find a weak that lead you on the hole. Remember that an old bug can stay on a recent system.

    ### root
    If you find something that don't work out of the box, maybe it can work with a a little more effort (nothing in this box is obvious^^).

    Thanks to @Sh11td0wn for his help !
  • So I can make the nurse tell me any story I want, including passwords for doors, but apparently I'm too thick to take a hint on where the door is. Did I miss a previous step or she is still the person to talk to?

  • Type your comment> @kiqrx said:

    So I can make the nurse tell me any story I want, including passwords for doors, but apparently I'm too thick to take a hint on where the door is. Did I miss a previous step or she is still the person to talk to?

    Tell the nurse to read you the whole chapter that contains the password.


    image
                         HTB Profile


  • Finally rooted :)

    Thanks @Sh11td0wn and @krypt for your help, I owe you a ๐Ÿบ .

    PM if you need help.

    leonishan

  • Finally user, great box, If any needs Help, Pm me!!!

  • clowns... clowns... thousands of them :-1:

  • Eventually... this took up a LOT of effort. not so sure everything in here is realistic, but I learned some new stuff. and although it hurt at the time (and I nearly smashed my laptop when one of those damn clowns popped up and scared the sh*t out of me) It felt good to finally get this one wrapped up.

    On the whole a very good box for brushing up on the manual stuff, I've clearly gotten lazy and use tools/scripting far more than I should.

  • Please help me find the nurse. PM...

  • edited April 2019

    I am able to talk to the nurse and she read several books to me. I thought i found a new area s*******-c******-0* but i can't access it. Is this a rabbit hole? I also found other interesting pieces of information in the books but I don't know how to continue.

    Would be cool if someone could give me a nudge via PM. Thanks!

    EDIT: I dug to deep and forgot about my port scans. Now the info from the nurse makes sense.

  • Could someone give me a hint for finding the nurse? I enumerated and I can reach the web page... I check with burp but i don't understand what to do to find the nurse.... PM...

  • edited April 2019

    This was awesome! Great job, @3mrgnc3 ! This is a perfect box for teaching to look at only information that matters so you don't get information overload. There's a lot of things going on on this box, but 95% of the time you don't have to guess and there's plenty of hints around. Probably my favorite box on here so far just because it teaches enumeration so well.

    And yeah, I was also getting SSL errors throughout rooting this box which messed up most common tools. Honestly, I don't mind. It just encouraged me to write my own tools that are resistant to this issue.

    Hints for users that are stuck and pulling their hairs out:

    Don't take a lot of the hints in the forum literally (a lot of what's been said here is kind of codeworded). Consider them more pointers in the right direction, if you stare at them too much you'll lose the point. For people stuck on the nurse, don't take "talk to the nurse" too literally. She doesn't like talking to strangers, so eavesdrop somehow instead. Don't stare at that sentence too long either. Or this one.

    Initial foothold:

    KEEP DETAILED NOTES! This box has a lot of information and you need to refer to it multiple times. If you're not already doing that for boxes, start doing it now.

    Stay within scope and enumerate and look at all the in-scope information available to you. This is an information overload box if you don't keep your eyes on the prize, but one way or another the information to proceed to the next step is always available to you if you focus!

    Once you know what the nurse is all about, check each way you can make her talk and see if you can make the server and information behave in unexpected ways.

    Initial user:

    Once you have some access information that doesn't seem to work, ask yourself if the information is valid or not. If it's valid, how does that make sense and are there other possible interpretations of it?

    (At this point I suspect I started to deviate from the 'intended' route, so users beware)

    Once you're in, enumerate, enumerate some more and enumerate again. Look for particularly juicy information and explore the server and platform you're on to see how it really works behind the scenes. Then, fix the issue you should have discovered in your initial enumeration and start researching how to take advantage of the service you're logged onto to unlock the door in with your keys.

    User/Root:

    I actually got the root flag before the user flag, so I'm combining these.

    Once you've got yourself on the server, enumerate the shit out of it. If you're suffering the symptoms of restriction, just go research treatment and you'll be good to go. Once you've enumerated, something painfully obvious should stick out and that's your last puzzle piece.

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • Thanks @Xentropy and @Ripc0rd
    Glad you both got something out of it.
    Well done
    ๐Ÿ˜‰๐Ÿ‘
  • @3mrgnc3 I'm pretty sure I found a non-intended way to go from unauthenticated user to root, which also allows crashing services hard enough that only a reset will help.

    I'll pm you the details, maybe you can confirm or deny?

    Hack The Box
    If you ask for help, describe 1) your findings 2) your conclusions 3) your ideas

  • Type your comment> @3mrgnc3 said:

    hahahaha Fuck im out of the band and i have a flu and i need an injection.... Nice hint there @3mrgnc3 :)

    LordeDestro

  • After so many hours I finally made it! I like the box but I'm glad I don't have to touch it ever again :)

    sig

  • @RootRipper said:

    Type your comment> @3mrgnc3 said:

    hahahaha Fuck im out of the band and i have a flu and i need an injection.... Nice hint there @3mrgnc3 :)

    Nice to see someone got the clue instead of amusing I was trolling.
    ;) :+1:

  • Type your comment> @3mrgnc3 said:

    @RootRipper said:

    Type your comment> @3mrgnc3 said:

    hahahaha Fuck im out of the band and i have a flu and i need an injection.... Nice hint there @3mrgnc3 :)

    Nice to see someone got the clue instead of amusing I was trolling.
    ;) :+1:

    I think my knowledge of sp_cof*g is the one trolling me instead. I cant seem to figure out how to get creds from the jab that needs freeing. If anyone can be kind enough and help me before i troll myself to death with false ideas. :(

    LordeDestro

  • Hi guys!!

    This box is amazing, and full of lessons.
    I'm stuck for the moment, with I hope the last challenge before getting user real shell.
    I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can't figure it out.
    Any hint or tips are really welcome in PM, please.
    Thanks

  • edited May 2019

    I keep getting redirects when trying to access https://sys******-*******-1.******.***:8*8, on FF and Curl. I deleted cache & cookies from FF to no avail but curl returns the same redirects so it must not be that. Not sure how to proceed.

    Nevermind, found it.

  • hey all, I would appreciate some direction when it comes to escaping... I can't seem to figure out how to do it. I've exhausted all the methods that I've found online. Any help would be appreciated.

  • i could make the nurse talk and see the responses TIG*R SC**T etc. is this rabbit holes ?, if not, anyone can help to give the direction from here would be appreciated.
    thanks

  • Type your comment> @kecebong said:

    i could make the nurse talk and see the responses TIG*R SC**T etc. is this rabbit holes ?, if not, anyone can help to give the direction from here would be appreciated.
    thanks

    edit:
    got root, thank you @Xentropy and @limbernie for your help! ๐Ÿบ
    Thanks @3mrgnc3 for all the effort you put on this box!

  • edited May 2019

    Type your comment> @Amen0 said:

    Hi guys!!

    This box is amazing, and full of lessons.
    I'm stuck for the moment, with I hope the last challenge before getting user real shell.
    I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can't figure it out.
    Any hint or tips are really welcome in PM, please.
    Thanks

    same boat. any hint please.

    EDIT: Rooted. Interesting and difficult box. Thanks for little help mates.

  • edited June 2019

    *edit - After getting what I needed from the nurse I'm messing with the aj***i login. Pretty confused to say the least. I'm guessing this is where it's been suggested to use firefox? Doesn't seem as wonky, annnnd I'm stuck again.

  • edited June 2019

    Type your comment> @Amen0 said:

    Hi guys!!

    This box is amazing, and full of lessons.
    I'm stuck for the moment, with I hope the last challenge before getting user real shell.
    I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can't figure it out.
    Any hint or tips are really welcome in PM, please.
    Thanks

    I'm also stuck at that place. Could anyone pm me a hint, please?

  • edited June 2019

    Rooted, but now that I read this topic in full I have to comment.

    This is a really great box. Closest to a real pentest assignment for me so far (and I've done some of those). The fact that there is potentially lots of information, many routes, "rabbit holes", annoying proxies - that's all too real. Fortunately, even ignoring the "scope" it shouldn't be too long before you arrive at the promising interfaces if you do things efficiently and have the ability to prioritize (what some people may be lacking?). In real life ready-made tools often fail on you, so you have to get your hands dirty. And you may have to investigate thoroughly once something promising is spotted. The box was dropping some requests from me, as would often happen, but more interestingly I even managed to completely lock myself out a couple of times. That again made it only more real then the rest. Understanding what you are doing and how it influences the rest of the system helps. The root part was nice too.

    As of clowns n shit, I personally found that hillarious :honk::honk: Nice themes and cool content.

    We need more boxes like this one.

  • Is the super leet thing a rabbit hole?

    mogyub

  • Hey @psie
    Really glad you enjoyed it.
    I always appreciate all the well reasoned and articulated feedback people take the time to post. (Both good and bad)
    I'm gonna try getting around to making another similar box sometime soon.

    Cheers buddy,
    ๐Ÿ˜‰๐Ÿ‘

Sign In to comment.