Ghoul

@MisterBert0ni said:

@MinatoTW Thank you for such an emotional hack journey :slight_smile: It was like an MMORPG quest )

Thanks! Glad you enjoyed it, and half the credit goes to @egre55 :slight_smile:

■■■■ near a week on this box but finally rooted. Holy ■■■■. What a ride. We need more of these!!!

That said, the last root.txt troll was a bit “much” in my opinion. The other “trolls” were pretty legit, though. Otherwise, I learned a ton from this one. ■■■■ sure couldn’t have done it without a couple guys teaming up with me but the deed is done and just in time for the new box being released in ~1hr.

Good ■■■■ guys. Thanks for the ride.

@MisterBert0ni said:

@Xentropy said:
Am I daft? I’ve enumerated both sites both with custom wordlists and more “standard” ones but I still can’t find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

This is a type of insecure file upload related to extracting a file from an archive.

Haha, and all this time I figured it was my enumeration failing. Thanks. :slight_smile:

Edit: got user! If you see the user.txt troll keep enumerating! You’re not far away.

On to root…

I’ve been poking around at the upload, however not finding anything unusual yet with an archive.

Actually, where is root.txt? I rooted the go* * server and I got ao**r*-**p.7z. Any hint? :frowning:

Edit: rooted.
Thanks @0xRick @moxic @cyberus @JonnyVTMRF
I learned a lot.

Rooted! And I learned a lot on this one. Thanks, I hate it.

“You’ve done well to come upto here human. But what you seek doesn’t lie here. The journey isn’t over yet…”

40 points huh?

Feel free to PM if you need help :slight_smile: !

Hello, I tried to crack the HTTP auth on the high port without success.
Can you help me please?

Need help on user. I’ve tried to enumerate the port and the website. I got se****.**p and tried to log in as the user with the information mentioned, but failed. Got the upload, but the files could not be found. Used different wordlists with different extensions on dirbuster, but no more useful information. What should I do further?

Can anyone assist with root.txt? I’ve found some things in an archive, nothing has worked so far. Not really too sure where to go from here :confused:

Hi guys, I am enumerating every single directory in both of the services. Any hints about which list I should use?

Can anyone give me a tip for rooting the second box? I have root on 1 and 3 and have been enumerating everything, but I can’t seem to figure out the next step.

I think I am very close to user. I have an SSH shell,
but I can’t read the Im*****t.pdf file,
and I don’t know how to download it. Please, if anyone knows, tell me.

Finally got root.txt. Great job @MinatoTW & @egre55 that was brutally good. I needed some assistance along the way but I learned probably 4 solid new things during the process. One thing though, this box feels like it should be worth like 80 points after that war I just went through, it is definitely worth taking this box to the end though.

We’re glad you had fun!

@backspace said:

Looking for root… I found the g*** UI… do I need to brute force?

Edit: NVM, no brute force required, the answer is within you…

Anyone with some guidance on this one? I’ve been looking inside-out and can’t for the life of me find anything credential related, only guts&gore inside me :slight_smile:

I have an SSH shell,
but I don’t know what to do next to get user.txt.
Please help, PM.

Hello, I’ve been trying my luck at this box for a couple of days now and I have some hints, but I don’t know how they relate to each other nor where to “use” them. Could someone PM me a hint? Thanks!