Thanks @opt1kz for the priceless feedback. We're glad that you enjoyed and made full use of what the box had to offer. Apologies for any inconvenience due to the leftovers from previous versions.
I am currently having trouble with root but I am not sure of I am supposed to be bruting *it ?
very good challenge bro either way whether its hard or not nothing is ctf about this box that is what you think until you really pay attention I will admit things are a bit off logic wise to me but my friends had to explain a few concepts about tunnels better and also a few other things that come in handy now I get whats going on and these ■■■■ ghouls keep chasing us humans someone might decide to chase them back
Edit I think I may have found what you guys mean but im confused as ■■■■ am i supposed to decode this debug stuff somehow?
Thanks for the feedback. Google about the services running and the vulns related to it. You’ll find something surely.
Bashing my head against a lot of stuff, wonder if files in /var/tmp are deliberately put there or not. Figuring out how to go from Other users to the main one. Any hints would be most welcome.
EDIT: Got user. Onto root now.
Hint: s*****.**p is important indeed.
This hint about Sierra I don’t understood
"In case you need to verify it - https://colorlib.com/wp/template/sierra/ . "
I saw a page and I tryed to find some similar, but unfortunately no successful
I think he meant to say for people that wanted to verify about one of the attributes data-whitespace= having a typo on the code. That it was not on purpose.
wow I must say after fixing the netcat issue and using the correct method and landing a shell as user during the exploit I was able to without adding any keys execute a privesc and achieve root shell but after that it took no more than 15 20 minutes from the time I exploited it with a correct shell to about the time i was able to land a root shell and find what I was looking for I see one last step to get to the war chest which I think is a jdbc connection from some leaked sauce if I am correct not only was this a little diff as I was not able to find the root.txt which means You guys stepped it up I like this and if the extra 20 minutes from landing a shell to getting privesc scares you jeez this is easier than most boxes privesc wise to me logic wise
and being a linux noob I would know that almost everything priv esc is hard in the beginning this made it both logical and easy.
help plz
machine-ghoul
i am stuck at the file upload at ip:8080/index.html
i know, i suppose to upload a reverse shell there but dont know how to bind it into jpeg file. i have search about it , nothing found. please help
Root was a lot of fun, had to automate pretty much everything, especially the last step… Probably the worst machine I’ve seen so far, but in a good way.