LaCasaDePapel

Rooted &&

Rooted but there is a certain issue with a certain bug on port 4** that causes it to stop working when trying to exploit it. With a little help I got around that but I’m still curious to know what the problem is, if anyone could shed some light on that in PM (or even just discuss the problem) that would be great.

Rooted, this was a fun box but very slow and unstable (at least in the public server). As for hints almost everything that could be said was already mentioned in this forum. PM for more hints if you are stuck.

Rooted. That was a really fun box. I need much time on user part. Thanks to @sazouki for his help in the user part.
PM me if you need any hints

Hi guys,
Some hint to start ??
i was playing with the QR and G-Auth but i don’t found anything !

Can anyone help me with the box via PM? Now stuck at certificate part:(

Type your comment> @EthicalHCOP said:

Hi guys,
Some hint to start ??
i was playing with the QR and G-Auth but i don’t found anything !

check the ports again, maybe you can find an exploit for that online?(not metasploit)

so i have some kind of access through both https and the good old door, managed to add myself to a user’s auth file and have a slightly more stable shell than the good old door, but its still the same thing. pulled another users key via https but i cant seem to get passed this point. i know for a fact my key has the right permissions but it still asks me for a password when i use it. for the good old door and my exact equivalent via the user, i’ve tried various common techniques to break out. i can get a connection back to my box but cant use certain methods of executing binaries.
any tips?

Finally rooted!
Nice box, learnt a lot on SSL client server certificate mechanisms.
My two cents are the following.

Initial foothold
Opened services are there for something… so focus on what you can grab from each service and find an old open door.

User
Once you find the old door, you are invited to play with OpenSSL…so give it a try. Once you managed to correctly authenticate yourself…basic hacking and user is yours.

Root
Just tell the machine to do what you would like her to do.

Cheers!

Finally got root, thanks to the peeps who helped me out.
Some tips and requests:
i used a combo of good old door and https to get user, dont believe what you see from dirs. try some other guys on the box with what you find.
root was… frustrating. The only issue is running in to a million people which is to be expected. as others said, check out what common commands do vice what you think they should do. as soon as you get a user shell, you’ll see the way forward, just dont over complicate for yourself.
a request to those still attempting who are running in to lots of people at the same time:
please dont be a ■■■■. you can get root from user without resetting the box a hundred times. and dont go around deleting a ton of files that others might need. make backups on the box before you go about doing the thing

oh, and if you’re going via https, a particular ending character in your url WILL crash the https server, so try tr -d with what you’re doing or use an online service

Spoiler Removed

Type your comment> @shellsmoke said:

Finally got root, thanks to the peeps who helped me out.
Some tips and requests:
i used a combo of good old door and https to get user, dont believe what you see from dirs. try some other guys on the box with what you find.
root was… frustrating. The only issue is running in to a million people which is to be expected. as others said, check out what common commands do vice what you think they should do. as soon as you get a user shell, you’ll see the way forward, just dont over complicate for yourself.
a request to those still attempting who are running in to lots of people at the same time:
please dont be a ■■■■. you can get root from user without resetting the box a hundred times. and dont go around deleting a ton of files that others might need. make backups on the box before you go about doing the thing

It was me and Sara, the three of us are waiting each other, but right next you done a scripto kiddie has arrived and we wasted a lot of time…
If you was the one that helped me with that strange thing explaining the “magic” thank you :slight_smile:

Did anyone else have trouble using the private key for b****n when trying to SSH? It keeps asking me for the password, even though I’m supplying the private key by “-i”. Anyone who can help? No error message in verbose mode either.

EDIT: smh… just why?

Type your comment> @oliverlyak said:

Did anyone else have trouble using the private key for b****n when trying to SSH? It keeps asking me for the password, even though I’m supplying the private key by “-i”. Anyone who can help? No error message in verbose mode either.

EDIT: smh… just why?

Maybe it isn’t for b****n? There are many users on that machine

Really, really fun box ; was afraid it was going to be a bit too CTFy, but I loved the little deceptions (not trusting what was written sometimes, especially in terms of permissions/command effects/users) and rabbit holes.
Went the HTTPS way, but would love to hear about the unintended way. My P*P skills sucks, so I’ve probably missed it …
Root was solved in 5 minutes … after 3 or 4 hours of trying overcomplicated stuff.

Thank you @thek , was really cool :slight_smile:

Finally got root, however I didn’t like the method very much… User was fun though
Thanks for the hint @Heichou

Edit: I got user through the secure way, if possible could someone PM me about the other way?

im stuck on how to get a shell that is not psysh …

any hep for avoid download path in LFI ?

Hey fellows, plz some help with priv esc. I have a ssh connection already and saw me***ed stuff, but don’t know where to go now… Ty all the guys that teaches things here! You rock!

EDIT: Holy Cow, rooted! Dance root!

root tip: just back to basics. Files unix permissions are the knowledge needed.