I finally finished it and I learned 2 huge things.
#1 - I did not know about the o*****n injection threat. That’s an eye opener because I’ve been using those files all willy nilly for a long time. That article was published in 2018.
#2 - Red Hat S***e Definitely going to be using that instead of VNC from now on.
For everyone saying view the logs, I can tell you I beat this without reading a single log, although reading the logs will lead down a successful path as well. I’d wager there is another way to do it without ever having to pwn any of the VMs at all, involving doing a loop mount. Didn’t confirm that.
If you want to exfiltrate the way I did it, think really hard about the i********s file on D*S, and what it’s keeping you from. You’ll also have to know about #2 above.
■■■■ of a box! I thoroughly enjoyed it and learned a lot! Paying respect to @nol0gz.