Ghoul

Type your comment> @MinatoTW said:

Thanks @opt1kz for the priceless feedback. We’re glad that you enjoyed and made full use of what the box had to offer. Apologies for any inconvenience due to the leftovers from previous versions.

I am currently having trouble with root but I am not sure of I am supposed to be bruting *it ?

very good challenge bro either way whether its hard or not nothing is ctf about this box that is what you think until you really pay attention I will admit things are a bit off logic wise to me but my friends had to explain a few concepts about tunnels better and also a few other things that come in handy now I get whats going on and these ■■■■ ghouls keep chasing us humans someone might decide to chase them back :wink:

Edit I think I may have found what you guys mean but im confused as ■■■■ am i supposed to decode this debug stuff somehow?

I appreciate the work put into this box, and while the last vector of attack for (last) root was awesome, the path to reach that point was excessive in my opinion.

No significant find but in the HTML source of the art site, one of the attributes for the slider says data-whitespace="nowrape"- nowrape. I’m sure it meant nowrap. Japanese anime theme FTW!

yes this is unfortunate in the extreme and completely unintended typo by the creator of the original template - we only changed the code for the upload functionality. wouldn’t trivialise something like this

In case you need to verify it - https://colorlib.com/wp/template/sierra/ .

@artikrh said:
I appreciate the work put into this box, and while the last vector of attack for (last) root was awesome, the path to reach that point was excessive in my opinion.

Thanks, we’ll make sure not to stretch it that long the next time. :slight_smile:

@wabafet said:
Type your comment> @MinatoTW said:

 Thanks @opt1kz for the priceless feedback. We're glad that you enjoyed and made full use of what the box had to offer. Apologies for any inconvenience due to the leftovers from previous versions.

I am currently having trouble with root but I am not sure of I am supposed to be bruting *it ?

very good challenge bro either way whether its hard or not nothing is ctf about this box that is what you think until you really pay attention I will admit things are a bit off logic wise to me but my friends had to explain a few concepts about tunnels better and also a few other things that come in handy now I get whats going on and these ■■■■ ghouls keep chasing us humans someone might decide to chase them back :wink:

Edit I think I may have found what you guys mean but im confused as ■■■■ am i supposed to decode this debug stuff somehow?

Thanks for the feedback. Google about the services running and the vulns related to it. You’ll find something surely. :slight_smile:

where is my uploaded files :confused:

easy box gg <3

Is it necessary to root *.10 before pivoting off? Figured I’d ask before I waste more time poking everything sitting here.

ETA: Yep. Totally possible. SO. CLOSE. TO. ROOT. :sweat_smile:

Does anyone want to give a hint about the directory of the uploaded files? I have really tried my best to find but no luck. Thanks.

EDIT: got user, but people are not playing nice and killing services.

Bashing my head against a lot of stuff, wonder if files in /var/tmp are deliberately put there or not. Figuring out how to go from Other users to the main one. Any hints would be most welcome.

EDIT: Got user. Onto root now.
Hint: s*****.**p is important indeed.

I found image ka****i.jpg it’s a rabbit hole or no?

User hint:
Focus on file upload feature.

any hint for root.txt
i got root shell :frowning:

Cannot find my uploaded file…

@Warlord711 said:
Cannot find my uploaded file…

The same problem)

This hint about Sierra I don’t understood
"In case you need to verify it - https://colorlib.com/wp/template/sierra/ . "
I saw a page and I tryed to find some similar, but unfortunately no successful

I think he meant to say for people that wanted to verify about one of the attributes data-whitespace= having a typo on the code. That it was not on purpose.

Looking for root… I found the g*** UI… do I need to brute force?

Edit: NVM, no brute force required, the answer is within you…

I think I’ve tried everything I have to try… I’m open to instructions on what to do to get a shell with the k*****_**m account. Where should I look?

Got user after smashing my head for some time, but I’ve been working on it for almost a day to get root.