LaCasaDePapel

Finally rooted!
Nice box, learnt a lot on SSL client server certificate mechanisms.
My two cents are the following.

Initial foothold
Opened services are there for something… so focus on what you can grab from each service and find an old open door.

User
Once you find the old door, you are invited to play with OpenSSL…so give it a try. Once you managed to correctly authenticate yourself…basic hacking and user is yours.

Root
Just tell the machine to do what you would like her to do.

Cheers!

Finally got root, thanks to the peeps who helped me out.
Some tips and requests:
i used a combo of good old door and https to get user, dont believe what you see from dirs. try some other guys on the box with what you find.
root was… frustrating. The only issue is running in to a million people which is to be expected. as others said, check out what common commands do vice what you think they should do. as soon as you get a user shell, you’ll see the way forward, just dont over complicate for yourself.
a request to those still attempting who are running in to lots of people at the same time:
please dont be a ■■■■. you can get root from user without resetting the box a hundred times. and dont go around deleting a ton of files that others might need. make backups on the box before you go about doing the thing

oh, and if you’re going via https, a particular ending character in your url WILL crash the https server, so try tr -d with what you’re doing or use an online service

Spoiler Removed

Type your comment> @shellsmoke said:

Finally got root, thanks to the peeps who helped me out.
Some tips and requests:
i used a combo of good old door and https to get user, dont believe what you see from dirs. try some other guys on the box with what you find.
root was… frustrating. The only issue is running in to a million people which is to be expected. as others said, check out what common commands do vice what you think they should do. as soon as you get a user shell, you’ll see the way forward, just dont over complicate for yourself.
a request to those still attempting who are running in to lots of people at the same time:
please dont be a ■■■■. you can get root from user without resetting the box a hundred times. and dont go around deleting a ton of files that others might need. make backups on the box before you go about doing the thing

It was me and Sara, the three of us are waiting each other, but right next you done a scripto kiddie has arrived and we wasted a lot of time…
If you was the one that helped me with that strange thing explaining the “magic” thank you :slight_smile:

Did anyone else have trouble using the private key for b****n when trying to SSH? It keeps asking me for the password, even though I’m supplying the private key by “-i”. Anyone who can help? No error message in verbose mode either.

EDIT: smh… just why?

Type your comment> @oliverlyak said:

Did anyone else have trouble using the private key for b****n when trying to SSH? It keeps asking me for the password, even though I’m supplying the private key by “-i”. Anyone who can help? No error message in verbose mode either.

EDIT: smh… just why?

Maybe it isn’t for b****n? There are many users on that machine

Really, really fun box ; was afraid it was going to be a bit too CTFy, but I loved the little deceptions (not trusting what was written sometimes, especially in terms of permissions/command effects/users) and rabbit holes.
Went the HTTPS way, but would love to hear about the unintended way. My P*P skills sucks, so I’ve probably missed it …
Root was solved in 5 minutes … after 3 or 4 hours of trying overcomplicated stuff.

Thank you @thek , was really cool :slight_smile:

Finally got root, however I didn’t like the method very much… User was fun though
Thanks for the hint @Heichou

Edit: I got user through the secure way, if possible could someone PM me about the other way?

im stuck on how to get a shell that is not psysh …

any hep for avoid download path in LFI ?

Hey fellows, plz some help with priv esc. I have a ssh connection already and saw me***ed stuff, but don’t know where to go now… Ty all the guys that teaches things here! You rock!

EDIT: Holy Cow, rooted! Dance root!

root tip: just back to basics. Files unix permissions are the knowledge needed.

How to do me***d priv esc. plz help me

Does anyone know how to stop this ■■■■■■■ HTTPS port from going down every single time I try to LFI? This is absolutely infuriating; I just want to make progress and it seems like I have to reset the box every time. Any tips are completely welcome. Gonna be a thumbs down on this one for me, dog.

Rooted! Nice box. PM me for hints

Got the foothold via vulnerability from one of the port services. Now on py shell. Ran command to read a certain variable. I somewhat understand the contents of the variable but don’t know what to do next. What do I do with the contents of the $t*** variable? Please PM me. Thank you.

■■■■■■■■ this was hard box for me … hints here are plenty and far enough. If someone needs directions pm me.

Like many others I’m stuck on $t****, documentation for this seems to be hard to find for me. Can someone either give me a hint on how to proceed or recommended reading material?

Type your comment> @mogyub said:

Like many others I’m stuck on $t****, documentation for this seems to be hard to find for me. Can someone either give me a hint on how to proceed or recommended reading material?

Type your comment> @jumson said:

as far as $t***o – I found the best help was already included that environment. I’ve been learning how to use that language to do this box, and I simply REPL icated the functionality to get what I wanted.

So many people have asked me about https access, so here is the site that will give you all you need.