FluJab

Well done @krypt

Hope you had fun :wink:

Finally rooted, not sure if in the intempted way… but rooted. Honestly I don’t know how to feel about this box. It is indeed a lot of work and frustration and some things don’t make any sense. I am afraid that I did not enjoyed this box very much.

In any case, what I am sure is that 3mrgnc3 put a lot of work on it for us to enjoy and learn and I truly appreciate that.

So overall THANK YOU 3mrgnc3 for all the effort you put on this box. It is certainly unique :smiley:

So i have the nurse and have talked her finding a web page which previously I was able to access but now when i try to access the web page i get a denied response. I am at a loss on what to do? can someone offer me a hint this is probably one of the hardest boxes i have come across…

Finally rooted. Sometimes angry about the trolls but its a good box and I learned a lot.

A lot of work from the creator to make the box not so CTF. Thanks to you @3mrgnc3.

my hints :

foothold

As usual, enumeration is the key, as I say previously, if the clown is bothers you, tell him to stay at home. Be careful for browser issues, monitor traffic with burp, zap or firefox debug tools and understand what the HTTP talk mean.
As say previously, the clown can guide you.

When find the nurse, everything are say here.

Next, follow the white rabbit, if you want c**** something, be careful about your tools.

user

Now, you got a little access, so my technique was to script my enum to avoid big manual and repetitive task, you will save time (network analysis will give you a way).
You will find a weak that lead you on the hole. Remember that an old bug can stay on a recent system.

root

If you find something that don’t work out of the box, maybe it can work with a a little more effort (nothing in this box is obvious^^).

Thanks to @Sh11td0wn for his help !

So I can make the nurse tell me any story I want, including passwords for doors, but apparently I’m too thick to take a hint on where the door is. Did I miss a previous step or she is still the person to talk to?

Type your comment> @kiqrx said:

So I can make the nurse tell me any story I want, including passwords for doors, but apparently I’m too thick to take a hint on where the door is. Did I miss a previous step or she is still the person to talk to?

Tell the nurse to read you the whole chapter that contains the password.

Finally rooted :slight_smile:

Thanks @Sh11td0wn and @krypt for your help, I owe you a ? .

PM if you need help.

Finally user, great box, If any needs Help, Pm me!!!

clowns… clowns… thousands of them :-1:

Eventually… this took up a LOT of effort. not so sure everything in here is realistic, but I learned some new stuff. and although it hurt at the time (and I nearly smashed my laptop when one of those ■■■■ clowns popped up and scared the sh*t out of me) It felt good to finally get this one wrapped up.

On the whole a very good box for brushing up on the manual stuff, I’ve clearly gotten lazy and use tools/scripting far more than I should.

Please help me find the nurse. PM…

I am able to talk to the nurse and she read several books to me. I thought i found a new area s*******-c******-0* but i can’t access it. Is this a rabbit hole? I also found other interesting pieces of information in the books but I don’t know how to continue.

Would be cool if someone could give me a nudge via PM. Thanks!

EDIT: I dug to deep and forgot about my port scans. Now the info from the nurse makes sense.

Could someone give me a hint for finding the nurse? I enumerated and I can reach the web page… I check with burp but i don’t understand what to do to find the nurse… PM…

This was awesome! Great job, @3mrgnc3 ! This is a perfect box for teaching to look at only information that matters so you don’t get information overload. There’s a lot of things going on on this box, but 95% of the time you don’t have to guess and there’s plenty of hints around. Probably my favorite box on here so far just because it teaches enumeration so well.

And yeah, I was also getting SSL errors throughout rooting this box which messed up most common tools. Honestly, I don’t mind. It just encouraged me to write my own tools that are resistant to this issue.

Hints for users that are stuck and pulling their hairs out:

Don’t take a lot of the hints in the forum literally (a lot of what’s been said here is kind of codeworded). Consider them more pointers in the right direction, if you stare at them too much you’ll lose the point. For people stuck on the nurse, don’t take “talk to the nurse” too literally. She doesn’t like talking to strangers, so eavesdrop somehow instead. Don’t stare at that sentence too long either. Or this one.

Initial foothold:

KEEP DETAILED NOTES! This box has a lot of information and you need to refer to it multiple times. If you’re not already doing that for boxes, start doing it now.

Stay within scope and enumerate and look at all the in-scope information available to you. This is an information overload box if you don’t keep your eyes on the prize, but one way or another the information to proceed to the next step is always available to you if you focus!

Once you know what the nurse is all about, check each way you can make her talk and see if you can make the server and information behave in unexpected ways.

Initial user:

Once you have some access information that doesn’t seem to work, ask yourself if the information is valid or not. If it’s valid, how does that make sense and are there other possible interpretations of it?

(At this point I suspect I started to deviate from the ‘intended’ route, so users beware)

Once you’re in, enumerate, enumerate some more and enumerate again. Look for particularly juicy information and explore the server and platform you’re on to see how it really works behind the scenes. Then, fix the issue you should have discovered in your initial enumeration and start researching how to take advantage of the service you’re logged onto to unlock the door in with your keys.

User/Root:

I actually got the root flag before the user flag, so I’m combining these.

Once you’ve got yourself on the server, enumerate the ■■■■ out of it. If you’re suffering the symptoms of restriction, just go research treatment and you’ll be good to go. Once you’ve enumerated, something painfully obvious should stick out and that’s your last puzzle piece.

Thanks @Xentropy and @Ripc0rd
Glad you both got something out of it.
Well done
??

@3mrgnc3 I’m pretty sure I found a non-intended way to go from unauthenticated user to root, which also allows crashing services hard enough that only a reset will help.

I’ll pm you the details, maybe you can confirm or deny?

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

After so many hours I finally made it! I like the box but I’m glad I don’t have to touch it ever again :slight_smile:

@RootRipper said:

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

Nice to see someone got the clue instead of amusing I was trolling.
:wink: :+1:

Type your comment> @3mrgnc3 said:

@RootRipper said:

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

Nice to see someone got the clue instead of amusing I was trolling.
:wink: :+1:

I think my knowledge of sp_cof*g is the one trolling me instead. I cant seem to figure out how to get creds from the jab that needs freeing. If anyone can be kind enough and help me before i troll myself to death with false ideas. :frowning: