Ghoul

@wabafet said:
Type your comment> @MinatoTW said:

 Thanks @opt1kz for the priceless feedback. We're glad that you enjoyed and made full use of what the box had to offer. Apologies for any inconvenience due to the leftovers from previous versions.

I am currently having trouble with root but I am not sure of I am supposed to be bruting *it ?

very good challenge bro either way whether its hard or not nothing is ctf about this box that is what you think until you really pay attention I will admit things are a bit off logic wise to me but my friends had to explain a few concepts about tunnels better and also a few other things that come in handy now I get whats going on and these ■■■■ ghouls keep chasing us humans someone might decide to chase them back :wink:

Edit I think I may have found what you guys mean but im confused as ■■■■ am i supposed to decode this debug stuff somehow?

Thanks for the feedback. Google about the services running and the vulns related to it. You’ll find something surely. :slight_smile:

where is my uploaded files :confused:

easy box gg <3

Is it necessary to root *.10 before pivoting off? Figured I’d ask before I waste more time poking everything sitting here.

ETA: Yep. Totally possible. SO. CLOSE. TO. ROOT. :sweat_smile:

Does anyone want to give a hint about the directory of the uploaded files? I have really tried my best to find but no luck. Thanks.

EDIT: got user, but people are not playing nice and killing services.

Bashing my head against a lot of stuff, wonder if files in /var/tmp are deliberately put there or not. Figuring out how to go from Other users to the main one. Any hints would be most welcome.

EDIT: Got user. Onto root now.
Hint: s*****.**p is important indeed.

I found image ka****i.jpg it’s a rabbit hole or no?

User hint:
Focus on file upload feature.

any hint for root.txt
i got root shell :frowning:

Cannot find my uploaded file…

@Warlord711 said:
Cannot find my uploaded file…

The same problem)

This hint about Sierra I don’t understood
"In case you need to verify it - https://colorlib.com/wp/template/sierra/ . "
I saw a page and I tryed to find some similar, but unfortunately no successful

I think he meant to say for people that wanted to verify about one of the attributes data-whitespace= having a typo on the code. That it was not on purpose.

Looking for root… I found the g*** UI… do I need to brute force?

Edit: NVM, no brute force required, the answer is within you…

I think I’ve tried everything I have to try… I’m open to instructions on what to do to get a shell with the k*****_**m account. Where should I look?

Got user after smashing my head for some time, but I’ve been working on it for almost a day to get root.

Holy Sh** this is crazy I finally got a shell trying to get myself onto there for root pivot this is no joke lol

Did someone changed the password for port 8080?

Type your comment> @f3v3r said:

Did someone changed the password for port 8080?

I’ve had to revert it a couple times when it hasnt worked.

wow I must say after fixing the netcat issue and using the correct method and landing a shell as user during the exploit I was able to without adding any keys execute a privesc and achieve root shell but after that it took no more than 15 20 minutes from the time I exploited it with a correct shell to about the time i was able to land a root shell and find what I was looking for I see one last step to get to the war chest which I think is a jdbc connection from some leaked sauce if I am correct not only was this a little diff as I was not able to find the root.txt which means You guys stepped it up I like this and if the extra 20 minutes from landing a shell to getting privesc scares you jeez this is easier than most boxes privesc wise to me logic wise

and being a linux noob I would know that almost everything priv esc is hard in the beginning this made it both logical and easy.

help plz
machine-ghoul
i am stuck at the file upload at ip:8080/index.html
i know, i suppose to upload a reverse shell there but dont know how to bind it into jpeg file. i have search about it , nothing found. please help

Root was a lot of fun, had to automate pretty much everything, especially the last step… Probably the worst machine I’ve seen so far, but in a good way.