LaCasaDePapel

Rooted

Hints
User: I think there are two ways to get user shell. I used the certificate/https route. Copy/paste and your local host are your friends here.

Root: Don’t need to enumerate too much. Once you see what’s going on, you’ll think you have it. If you don’t get the shell after making the necessary mods, check how some common commands run in this environment. They might not be what you’re used to…

is it me or everyone got 443 port always down

hi! im in front of $t**** variable using p** sl v0.9.9 but i have no idea how to extract something useful, i don’t know how to execute anything, using the command "sh" i can see the code of that variable but i’ve googled all night long but nothing;
i don’t want any hint, just some good guy who can tell me where to study to comprend this ABOMINATION.

When I am trying to import personal certificate in firefox I am getting the following error- “This personal certificate can’t be installed because you do not own the corresponding private key”. Why am I facing this problem? Any help will be appreciated.

Type your comment> @Master123 said:

When I am trying to import personal certificate in firefox I am getting the following error- “This personal certificate can’t be installed because you do not own the corresponding private key”. Why am I facing this problem? Any help will be appreciated.

did you generate correctly the client c** with the correct priv8 key ?

@sazouki Check PM

Please stop killing https server

Type your comment> @f3v3r said:

Please stop killing https server

yeah i cannot do anything

Rooted. I learned so many things.
I will try to help anybody , just drop me PM.

Rooted &&

Rooted but there is a certain issue with a certain bug on port 4** that causes it to stop working when trying to exploit it. With a little help I got around that but I’m still curious to know what the problem is, if anyone could shed some light on that in PM (or even just discuss the problem) that would be great.

Rooted, this was a fun box but very slow and unstable (at least in the public server). As for hints almost everything that could be said was already mentioned in this forum. PM for more hints if you are stuck.

Rooted. That was a really fun box. I need much time on user part. Thanks to @sazouki for his help in the user part.
PM me if you need any hints

Hi guys,
Some hint to start ??
i was playing with the QR and G-Auth but i don’t found anything !

Can anyone help me with the box via PM? Now stuck at certificate part:(

Type your comment> @EthicalHCOP said:

Hi guys,
Some hint to start ??
i was playing with the QR and G-Auth but i don’t found anything !

check the ports again, maybe you can find an exploit for that online?(not metasploit)

so i have some kind of access through both https and the good old door, managed to add myself to a user’s auth file and have a slightly more stable shell than the good old door, but its still the same thing. pulled another users key via https but i cant seem to get passed this point. i know for a fact my key has the right permissions but it still asks me for a password when i use it. for the good old door and my exact equivalent via the user, i’ve tried various common techniques to break out. i can get a connection back to my box but cant use certain methods of executing binaries.
any tips?

Finally rooted!
Nice box, learnt a lot on SSL client server certificate mechanisms.
My two cents are the following.

Initial foothold
Opened services are there for something… so focus on what you can grab from each service and find an old open door.

User
Once you find the old door, you are invited to play with OpenSSL…so give it a try. Once you managed to correctly authenticate yourself…basic hacking and user is yours.

Root
Just tell the machine to do what you would like her to do.

Cheers!

Finally got root, thanks to the peeps who helped me out.
Some tips and requests:
i used a combo of good old door and https to get user, dont believe what you see from dirs. try some other guys on the box with what you find.
root was… frustrating. The only issue is running in to a million people which is to be expected. as others said, check out what common commands do vice what you think they should do. as soon as you get a user shell, you’ll see the way forward, just dont over complicate for yourself.
a request to those still attempting who are running in to lots of people at the same time:
please dont be a ■■■■. you can get root from user without resetting the box a hundred times. and dont go around deleting a ton of files that others might need. make backups on the box before you go about doing the thing

oh, and if you’re going via https, a particular ending character in your url WILL crash the https server, so try tr -d with what you’re doing or use an online service