FluJab

clowns… clowns… thousands of them :-1:

Eventually… this took up a LOT of effort. not so sure everything in here is realistic, but I learned some new stuff. and although it hurt at the time (and I nearly smashed my laptop when one of those ■■■■ clowns popped up and scared the sh*t out of me) It felt good to finally get this one wrapped up.

On the whole a very good box for brushing up on the manual stuff, I’ve clearly gotten lazy and use tools/scripting far more than I should.

Please help me find the nurse. PM…

I am able to talk to the nurse and she read several books to me. I thought i found a new area s*******-c******-0* but i can’t access it. Is this a rabbit hole? I also found other interesting pieces of information in the books but I don’t know how to continue.

Would be cool if someone could give me a nudge via PM. Thanks!

EDIT: I dug to deep and forgot about my port scans. Now the info from the nurse makes sense.

Could someone give me a hint for finding the nurse? I enumerated and I can reach the web page… I check with burp but i don’t understand what to do to find the nurse… PM…

This was awesome! Great job, @3mrgnc3 ! This is a perfect box for teaching to look at only information that matters so you don’t get information overload. There’s a lot of things going on on this box, but 95% of the time you don’t have to guess and there’s plenty of hints around. Probably my favorite box on here so far just because it teaches enumeration so well.

And yeah, I was also getting SSL errors throughout rooting this box which messed up most common tools. Honestly, I don’t mind. It just encouraged me to write my own tools that are resistant to this issue.

Hints for users that are stuck and pulling their hairs out:

Don’t take a lot of the hints in the forum literally (a lot of what’s been said here is kind of codeworded). Consider them more pointers in the right direction, if you stare at them too much you’ll lose the point. For people stuck on the nurse, don’t take “talk to the nurse” too literally. She doesn’t like talking to strangers, so eavesdrop somehow instead. Don’t stare at that sentence too long either. Or this one.

Initial foothold:

KEEP DETAILED NOTES! This box has a lot of information and you need to refer to it multiple times. If you’re not already doing that for boxes, start doing it now.

Stay within scope and enumerate and look at all the in-scope information available to you. This is an information overload box if you don’t keep your eyes on the prize, but one way or another the information to proceed to the next step is always available to you if you focus!

Once you know what the nurse is all about, check each way you can make her talk and see if you can make the server and information behave in unexpected ways.

Initial user:

Once you have some access information that doesn’t seem to work, ask yourself if the information is valid or not. If it’s valid, how does that make sense and are there other possible interpretations of it?

(At this point I suspect I started to deviate from the ‘intended’ route, so users beware)

Once you’re in, enumerate, enumerate some more and enumerate again. Look for particularly juicy information and explore the server and platform you’re on to see how it really works behind the scenes. Then, fix the issue you should have discovered in your initial enumeration and start researching how to take advantage of the service you’re logged onto to unlock the door in with your keys.

User/Root:

I actually got the root flag before the user flag, so I’m combining these.

Once you’ve got yourself on the server, enumerate the ■■■■ out of it. If you’re suffering the symptoms of restriction, just go research treatment and you’ll be good to go. Once you’ve enumerated, something painfully obvious should stick out and that’s your last puzzle piece.

Thanks @Xentropy and @Ripc0rd
Glad you both got something out of it.
Well done
??

@3mrgnc3 I’m pretty sure I found a non-intended way to go from unauthenticated user to root, which also allows crashing services hard enough that only a reset will help.

I’ll pm you the details, maybe you can confirm or deny?

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

After so many hours I finally made it! I like the box but I’m glad I don’t have to touch it ever again :slight_smile:

@RootRipper said:

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

Nice to see someone got the clue instead of amusing I was trolling.
:wink: :+1:

Type your comment> @3mrgnc3 said:

@RootRipper said:

Type your comment> @3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ im out of the band and i have a flu and i need an injection… Nice hint there @3mrgnc3 :slight_smile:

Nice to see someone got the clue instead of amusing I was trolling.
:wink: :+1:

I think my knowledge of sp_cof*g is the one trolling me instead. I cant seem to figure out how to get creds from the jab that needs freeing. If anyone can be kind enough and help me before i troll myself to death with false ideas. :frowning:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

I keep getting redirects when trying to access https://sys******--1..:8*8, on FF and Curl. I deleted cache & cookies from FF to no avail but curl returns the same redirects so it must not be that. Not sure how to proceed.

Nevermind, found it.

hey all, I would appreciate some direction when it comes to escaping… I can’t seem to figure out how to do it. I’ve exhausted all the methods that I’ve found online. Any help would be appreciated.

i could make the nurse talk and see the responses TIG*R SC**T etc. is this rabbit holes ?, if not, anyone can help to give the direction from here would be appreciated.
thanks

Type your comment> @kecebong said:

i could make the nurse talk and see the responses TIG*R SC**T etc. is this rabbit holes ?, if not, anyone can help to give the direction from here would be appreciated.
thanks

edit:
got root, thank you @Xentropy and @limbernie for your help! ?
Thanks @3mrgnc3 for all the effort you put on this box!

Type your comment> @Amen0 said:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

same boat. any hint please.

EDIT: Rooted. Interesting and difficult box. Thanks for little help mates.

edit - After getting what I needed from the nurse I’m messing with the aj**i login. Pretty confused to say the least. I’m guessing this is where it’s been suggested to use firefox? Doesn’t seem as wonky, annnnd I’m stuck again.

Type your comment> @Amen0 said:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add mysefl and partially connect to a service. But even with all i find regarding this service in home/service-config, i can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

I’m also stuck at that place. Could anyone pm me a hint, please?