LaCasaDePapel

@thek is secure service blocking my attempts or just service is broken ? It’s really really annoying to reset the box everytime. There should be a scheduled job to bring it live. I’m not sure how others solved it.

Spoiler Removed

Type your comment> @hackiso5000 said:

I get how the old door is working and got the P**Sh. Added to a**_k*s.
Also got the c**t working fine for 4**.
Got user.txt.
me**d seems to be useless. Tried a few ways to get a proper s**l but I’m stuck on user d** with P**Sh.
Anyone willing to PM and give me a hint on how to proceed?
Would be greatly appreciated.

Same spot here. I’d also appreciate some nudges on how to escape PSh with user d*

Y try use the c** from me*****, but only show “END”

Any hint for root? Iḿ stucked for hours now… Trying to read anything from me******. Nothing works out.

Spoiler Removed

Ok let me give you a hint, if you are working for root your shell is not going to be tty or stable before it crashes and you see a connection from blah type in a linux command :wink:

Be careful it’s like reset twice modify twice get lucky and catch shell

Type your comment

Rooted. Parts of this box I liked, others were not so much fun. The constant resets and changes did make this box less enjoyable.
Big thanks to @Jycerian and @CHUCHO for putting up with my ridiculous questions.

So, for my hints.

Initial foothold: An established vuln will open the door to an interesting service. Googling the header will make things a little easier in terms of commands. Use the service to get what you need to proceed to User.

User: Use what you found in your foothold to give you access through another service. A few tweaks are needed to walk the paths you need.

Root: I admit I failed to think in simple terms. Find what you need during your User stage to give you direct access. That that is in front of you is all you need to “work on” to get what you need.

If I’ve spoiled too much, let me know and I’ll edit.

If you need more concrete hints, PM me. Don’t forget to tell me what you have tried so I don’t spoil too much!

Hi this box make me crazy :smiley: i found the way of the p************
but i’m lock right here, i can read some files, even upload some to tmp/ a hint will be welcome
thank !

OK people, I have responded to over 50 messages in the space of a couple of hours. I am always happy to help, but it is time for me to get some sleep. Feel free to PM me, but know that I probably won’t be able to respond for at least 8 hours, possibly more! :slight_smile:

Got user :smiley: thank at all !

forgot to tell thank to > @AzAxIaL

Still stuck on user. I’ve discovered the “old door”. Using that door I’m able to read files and list directories. I’ve located the user.txt but have no permission to do it. Have found the c*.e file, and a lot of other interesting files and directories. But for the moment no way to read the user.txt nor to get RCE or shell. For tje moment, the only path I’m follwing is the old door. Haven’t fight against HTTPS yet. Really don’t know if necesary

Hi Everyone, I already have a valid user and ssh access to the box. Anyone that could give me a hint to root? I have some ideas but I am not sure how to do it.

Wow rooted… root was a bit tricky, I wouldn’t have imagined that some commands would have worked even when my logic said that wouldn’t.

PM if you need some help.

Seems like the machine requires a reset every time the old door becomes unavailable. Am I doing something wrong? I hate to reset the machine if I’m bugging other users trying to get in, there’s also a limited number of times I can reset it …

I’ve pulled out all the stops for root at this point, longest privilege escalation I’ve had to endure so far. Don’t understand what I’m missing.

Heart is where is home is.

r00t if you need PM :slight_smile: great box ! really great , a lot of rabbit holes ^^