Unattended

Yo!, finally rooted,
hints for user:
don’t depend on the dump, try to understand how it works.
nested has a meaning.
and remember it was recently hacked.

root:
try something u must have already noticed before the user :wink:

nice one from @guly

Can someone DM me what the intended root for this box is? I can’t relate to any of the comments about root; I thought it was a total brainfuck but I’m not sure I did it the proper way.

All in all, while I do appreciate the work that goes into making these, I think this box could have used some more hints along the way.

@guly said:

@peek said:

I’m gonna wait for the ippsec video. I’m wondering if English skills/culture is needed?

no, nothing like that.

i don’t know the meaning of nested

I have a general idea of what’s going on with the box after some enumeration. I have one pair of creds to a service that isn’t open externally and a few usernames for other services. Would anyone like to discuss in PM how to proceed any further? I don’t want to accidentally post any spoilers.

Once you get user, and take a look back on the box, it becomes really not that trollie. The box has some hard bits you can be sure of, but it came out to be kinda fun in my opinion.
Edit: for user. Root seems like it’s going to kill me

@peek said:

@guly said:

@peek said:

I’m gonna wait for the ippsec video. I’m wondering if English skills/culture is needed?

no, nothing like that.

i don’t know the meaning of nested

Me neither. If someone can make a sense of what “nested” stands for send me a PM.

Most probably nested queries but don’t know what to make of it

@seke said:

Most probably nested queries but don’t know what to make of it

This is what I took the hint as. Anyone who has made it through Endgame - POO would also. But what, how, when, why… idk

There is one specific page mentioned on the site that was disabled because of a previous attack. But how to leverage it, idk, I’m having trouble wrapping my brain around how this works. There is info found about vhost routing, but how to use, idk

Moral of story is… idk

that box is not 30 points, it’s harder

to me a 30 point box, you find documentation on the web or in a pdf. Here you have no exploit explained or something.
Plus we had a talk about stopping troll stuffs on the forum.

@0PT1MUS said:

@seke said:

Most probably nested queries but don’t know what to make of it

This is what I took the hint as. Anyone who has made it through Endgame - POO would also. But what, how, when, why… idk

There is one specific page mentioned on the site that was disabled because of a previous attack. But how to leverage it, idk, I’m having trouble wrapping my brain around how this works. There is info found about vhost routing, but how to use, idk

Moral of story is… idk

Exactly in the same boat, tried to update but it seems stacked q … do not work here

Soo, I managed to run commands as www-data in a really weird way, but it works. Does anybody want to discuss a more comprehensive or easier way? I can share my way of doing it, but there must be an easier way. Please PM

i have a full shell, but stuck with user flag

any help for just start pm me please

@peek said:

i have a full shell, but stuck with user flag

Same. Help would be appreciated

i don’t blame the box or its author, but who tested the box? and how?

@peek said:

i don’t blame the box or its author, but who tested the box? and how?

And this is just the next of many times lately when I wonder if it is a good idea to release a machine every week?
Isn’t it better to release less but consistently, with good quality and a correct rating of the machine?

@m4rc1n said:

@peek said:

i don’t blame the box or its author, but who tested the box? and how?

And this is just the next of many times lately when I wonder if it is a good idea to release a machine every week?
Isn’t it better to release less but consistently, with good quality and a correct rating of the machine?

it’s more about the rating, the box is pretty good except the sq* part which is insane.

Any hints on root?

@m4rc1n said:

@peek said:

i don’t blame the box or its author, but who tested the box? and how?

And this is just the next of many times lately when I wonder if it is a good idea to release a machine every week?
Isn’t it better to release less but consistently, with good quality and a correct rating of the machine?

Pretty sure everyone is asking that same question. I know I have myself.

@guly said:

box author here.
as far as i know, as of now, NOBODY got the foothold as intended. it’s clear to me that the path wasn’t clear enough, and it’s of course my fault.
i’m very sorry because i hate guess-game, and this box turned out to be like that to most of you.
enumeration is so slow because you should drop your automated tools and review those 6 (SIX, not the whole raft-large, SIX) pages. then, it’s a matter of looking for the misconfiguration that leads to easily get the bug exploitable to reach foothold.
OR, you can find the same bug by using so many “sleep” from the server that the Sleeping Beauty will wake up ages before you :frowning:

root was just a matter of searching for uncommon things, and thinking about implication and possible workaround. wear your sysadmin hat.

the plan was different and makes sense, turns out that i’m not Spielberg and i cannot make it clear enough for you all.
again sorry if you got this as guess-game, hope you’ll have the chance to re-read this box as soon as the intended way comes out.

I haven’t even gotten user on this box yet due to a combination of being busy IRL as well as being frustrated with the initial steps, thinking it was a CTF #GuessTheBox type thing. It would appear, however, that my initial judgements about it were wrong/misplaced.

I just wanted to say thanks @guly for being honest and taking the time to politely respond to the criticisms in this thread (and handling them so well). We don’t see that very often.

+respect