FluJab

Could someone give me a hint for finding the nurse? I enumerated and I can reach the web page… I check with Burp but I don’t understand what to do to find the nurse… PM…

This was awesome! Great job, @3mrgnc3 ! This is a perfect box for teaching to look at only information that matters so you don’t get information overload. There’s a lot of things going on on this box, but 95% of the time you don’t have to guess and there’s plenty of hints around. Probably my favorite box on here so far just because it teaches enumeration so well.

And yeah, I was also getting SSL errors throughout rooting this box which messed up most common tools. Honestly, I don’t mind. It just encouraged me to write my own tools that are resistant to this issue.

Hints for users that are stuck and pulling their hair out:

Don’t take a lot of the hints in the forum literally (a lot of what’s been said here is kind of codeworded). Consider them more pointers in the right direction, if you stare at them too much you’ll lose the point. For people stuck on the nurse, don’t take “talk to the nurse” too literally. She doesn’t like talking to strangers, so eavesdrop somehow instead. Don’t stare at that sentence too long either. Or this one.

Initial foothold:

KEEP DETAILED NOTES! This box has a lot of information and you need to refer to it multiple times. If you’re not already doing that for boxes, start doing it now.

Stay within scope and enumerate and look at all the in-scope information available to you. This is an information overload box if you don’t keep your eyes on the prize, but one way or another the information to proceed to the next step is always available to you if you focus!

Once you know what the nurse is all about, check each way you can make her talk and see if you can make the server and information behave in unexpected ways.

Initial user:

Once you have some access information that doesn’t seem to work, ask yourself if the information is valid or not. If it’s valid, how does that make sense and are there other possible interpretations of it?

(At this point I suspect I started to deviate from the ‘intended’ route, so users beware)

Once you’re in, enumerate, enumerate some more and enumerate again. Look for particularly juicy information and explore the server and platform you’re on to see how it really works behind the scenes. Then, fix the issue you should have discovered in your initial enumeration and start researching how to take advantage of the service you’re logged onto to unlock the door in with your keys.

User/Root:

I actually got the root flag before the user flag, so I’m combining these.

Once you’ve got yourself on the server, enumerate the ■■■■ out of it. If you’re suffering the symptoms of restriction, just go research treatment and you’ll be good to go. Once you’ve enumerated, something painfully obvious should stick out and that’s your last puzzle piece.

Thanks @Xentropy and @Ripc0rd
Glad you both got something out of it.
Well done

@3mrgnc3 I’m pretty sure I found a non-intended way to go from unauthenticated user to root, which also allows crashing services hard enough that only a reset will help.

I’ll pm you the details, maybe you can confirm or deny?

@3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ I’m out of the band and I have a flu and I need an injection… Nice hint there @3mrgnc3 :slight_smile:

After so many hours I finally made it! I like the box but I’m glad I don’t have to touch it ever again :slight_smile:

@RootRipper said:

@3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ I’m out of the band and I have a flu and I need an injection… Nice hint there @3mrgnc3 :slight_smile:

Nice to see someone got the clue instead of assuming I was trolling.
:wink: :+1:

@3mrgnc3 said:

@RootRipper said:

@3mrgnc3 said:

https://www.youtube.com/watch?v=ffV-Nk6tPBk

hahahaha ■■■■ I’m out of the band and I have a flu and I need an injection… Nice hint there @3mrgnc3 :slight_smile:

Nice to see someone got the clue instead of assuming I was trolling.
:wink: :+1:

I think my knowledge of sp_cof*g is the one trolling me instead. I can’t seem to figure out how to get creds from the jab that needs freeing. If anyone can be kind enough and help me before I troll myself to death with false ideas. :frowning:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add myself and partially connect to a service. But even with all I find regarding this service in home/service-config, I can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

I keep getting redirects when trying to access https://sys******--1..:8*8, on FF and Curl. I deleted cache & cookies from FF to no avail but curl returns the same redirects so it must not be that. Not sure how to proceed.

Never mind, found it.

Hey all, I would appreciate some direction when it comes to escaping… I can’t seem to figure out how to do it. I’ve exhausted all the methods that I’ve found online. Any help would be appreciated.

I could make the nurse talk and see the responses TIG*R SC**T etc. Are these rabbit holes? If not, any help with the direction from here would be appreciated.
Thanks

@kecebong said:

I could make the nurse talk and see the responses TIG*R SC**T etc. Are these rabbit holes? If not, any help with the direction from here would be appreciated.
Thanks

Edit:
Got root, thank you @Xentropy and @limbernie for your help!
Thanks @3mrgnc3 for all the effort you put on this box!

@Amen0 said:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add myself and partially connect to a service. But even with all I find regarding this service in home/service-config, I can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

Same boat. Any hint please.

EDIT: Rooted. Interesting and difficult box. Thanks for little help mates.

edit - After getting what I needed from the nurse I’m messing with the aj**i login. Pretty confused to say the least. I’m guessing this is where it’s been suggested to use firefox? Doesn’t seem as wonky, annnnd I’m stuck again.

@Amen0 said:

Hi guys!!

This box is amazing, and full of lessons.
I’m stuck for the moment, with I hope the last challenge before getting user real shell.
I can add myself and partially connect to a service. But even with all I find regarding this service in home/service-config, I can’t figure it out.
Any hint or tips are really welcome in PM, please.
Thanks

I’m also stuck at that place. Could anyone pm me a hint, please?

Rooted, but now that I read this topic in full I have to comment.

This is a really great box. Closest to a real pentest assignment for me so far (and I’ve done some of those). The fact that there is potentially lots of information, many routes, “rabbit holes”, annoying proxies - that’s all too real. Fortunately, even ignoring the “scope” it shouldn’t be too long before you arrive at the promising interfaces if you do things efficiently and have the ability to prioritize (what some people may be lacking?). In real life ready-made tools often fail on you, so you have to get your hands dirty. And you may have to investigate thoroughly once something promising is spotted. The box was dropping some requests from me, as would often happen, but more interestingly I even managed to completely lock myself out a couple of times. That again made it only more real than the rest. Understanding what you are doing and how it influences the rest of the system helps. The root part was nice too.

As of clowns n ■■■■, I personally found that hilarious :honk::honk: Nice themes and cool content.

We need more boxes like this one.

Is the super leet thing a rabbit hole?

Hey @psie
Really glad you enjoyed it.
I always appreciate all the well reasoned and articulated feedback people take the time to post. (Both good and bad)
I’m gonna try getting around to making another similar box sometime soon.

Cheers buddy,

Hey guys! I’m very new to this and thought I’d see what a challenge felt like. Talk about getting rekt… but anyways, would love to pick your brains about how to deal with this clown after the first custom 404. Also my Burp isn’t picking the page up but I’m sure it’s because of something I’m not doing. Anyone mind giving a noob like me a hand? Sorry if I’m annoying or anything.