Chaos

Could use some assistance if someone has a second. I can’t figure out why this file is not decrypting properly. It just decrypts to gibberish every single time and I need someone to sanity check my script.

EDIT: Got it. Turns out, as I suspected, I’m just an idiot.

Although it’s a ctf-ish machine, i learned realy a lot new things, since i’m not that experienced.
If someone needs help, feel free to PM :slight_smile:

Rooted

100% ctf machine, thanks for the box

The inital enumeration was as silly as Teacher, but after that the box got better. There were some fun rabbit holes to go down.

Feel free to PM if you need a hand.

I’m stuck on root. I’ve read through the thread and I think I see what’s right under my nose, but not sure what to do next. I’ve read up (and bookmarked) plenty of blogs about priv-esc, but I’m honestly grasping at straws.

If someone could PM me a hint (or even a good resource) I’d appreciate it.

Anyone can help me with the decryption of the file? I am stuck here, my programming skills are horrible…

Rooted!! Nice box, despite being a ctf-like box it compensates showing us some nice tricks and some cool stuff.

This box should be done more than once, because it have multiple ways and different approaches to get our objectives.

Thanks to the creator

Ask me if you need some help or tips by PM

Whoaaaaah, nvm. Boy do I feel dumb =)

PM I think I am close for the root component. Without giving too many spoilers I currently have two files from a directory that I think can be used to crack it. One is a .j*** file and another is a .d* file but I have no idea how to get the info out of them unless there is another way.

Type your comment> @samsepi0l said:

@mpoitsos said:
I cannot find something inside the mail servers(seems empty), neither i can connect to the web portal with those creds… :frowning: . what am i missing?

f you are sitting on your computer writing an email to your friend and suddenly you accidentally close your browser, where do you think it is possible to see what you were writing again? :slight_smile:

Got the creds and logged in to webmail. The inbox is showing 0 messages. Can’t find any messages. Am I not looking at right thing?

Any nudge about initial foothold would be appreciated. I’ve not found any creds yet:(
Write me via PM please. Thanks in advance.

Please help me. Didn’t find any credenti als yet. I tried various enumeration techniques but no luck.

[Rooted]

Very challenging box but learned a ton from it. You have all the hint you need just read the comments well. Still stuck PM.

I’ve decrypted the file and try to access xxx/J…3
Seems like the page is not found. Any hints?

Used Cewl on the site but no joy so far. Do these creds need to be guessed or are they on the pages?

@Manb4t said:

Used Cewl on the site but no joy so far. Do these creds need to be guessed or are they on the pages?

Don’t be on the rush. cred are in front of you;

anyone no why port 80 is no longer open? I reset it but no luck…

reset again and good. Weird!!!

WOW, that was a lot of fun. HINT take you time explore all. it is not complicated just takes time and research.

Thanks for the fun!!!

This machine is more of finding correct stuff. The machine is playing hide-and-seek with you. So SEEK stuff. It’s fun. You need exploits ~2-3 times.

Good machine though.