Chaos

Hi, can anyone pm to give me a hint in the initial foothold, I’m trying hard using zap,go…r,wp…n and no chance to see some stuff or the wp are a rabit hole, thank you!

Can anyone give me a hint what to do after getting w****-da****?
EDIT: He used the same password even there
EDIT: Rooted, PM me if u need help.

Rooted the box! Thank you for @dontknow and @smallgods for the initial foothold hints! For anyone who need a hint feel free to PM :wink:

Anyone could help me with python script plz?
Thanks

So i’ve gotten access to the generator page and have been able to run shell commands with the help of burpe suite. But im stuck as a certain user who cant do much other than show me all the files I dont want :P. Any hints on if I should be focusing on something for priv esc or is this just getting the right type of reverse shell implanted in the requests? Dont see how the latter would work with the current user running those commands.

I’m in the same position, I’ve made it into the box as a low priv user, and haven’t been able to progress from there. I’ve looked over the last few pages and taken some paths from other hints, but something is obviously going over my head. If anyone can push me in the right direction that would be greatly appreciated!

Edit: Made it a little farther. Was able to do actions as another user, and escape a restricted shell with some sticky stuff of my own. Found a user text file, but it isn’t what I expected. Still willing to take help!

Final Edit: Nevermind. Just had to take a break and eat some lunch, figured it out pretty quickly after that! The weird user flag issue I think was caused from me messing with t*r on it, because it was normal after a reset.

[root@chaos ~]# id
uid=0(root) gid=0(root) groups=0(root)

Feel free to pm for tips!

Finally got user… I spent 3 days for it -_- It’s too much ctf style for me :stuck_out_tongue: But I’ve enjoyed this first part. Let’s try to root it :wink:

Edit… rooted… xD

Rooted! Thanks for all the help @tehmoon @env
Pm for help.

rooted, really fun box. PM for hints @P4YDAY

Type your comment> @Malone5923 said:

Can anyone PM on how there were able to connect to the imap server using thundermail or other gui client. I have got the credentials. This cmd is working out for me, having problems fetching message from the drafts folder.

EDIT: I was finally able to use cmd to get the files. Thanks to @m0ckhurts who was kind of enough to supply me this article Connect to IMAP server with telnet | Tech Bits. For those that still prefer GUI, you can use evolution the email address is @localhost. Now its time to take a look at this files and see what the fuzz is all about cracking some file using python. Good luck to me.

I’d just like to thank you for this post. I have been bashing my head on a wall trying to receive the mail from telnet, I chose the GUI route in the end, couldn’t get it working with thunderbird so used evolution. Now onto this decryption!!

Awesome box thanks to sahay GOT ROOT

Is decryption thing the correct way to solve this, or it’s a rabbithole? the plaintext takes me to 404 land.

nvm: Plaintext had some characters trimmed for whatever reason

Rooted! Thanks for the help @sentry.

I have just r00ted this box. I just want to thank some of the hints in here, I found the initial stages quite difficult as i’m new to CTF style boxes. I was majorly kicking myself reading about “the password being right in front of you”…!! haha!! Root was really quick and simple… As everyone has stated, don’t look any further than your house. Thankyou to the creator of the box, you certainly gave me some initial headaches

Rooted the box, if someone needs help, send a PM :slight_smile:

hi ,can some one PM please i can’t figure out with the python script ? thanks

a real Chaos but I enjoyed it especially because for once I didn’t get superstuck anywhere.

@algorithm: google can help you a lot with that problem.

Rooted, thanks for the machine. Sometimes weird but ok

Could use some assistance if someone has a second. I can’t figure out why this file is not decrypting properly. It just decrypts to gibberish every single time and I need someone to sanity check my script.

EDIT: Got it. Turns out, as I suspected, I’m just an idiot.