Ghoul

■■■■ near a week on this box but finally rooted. Holy ■■■■. What a ride. We need more of these!!!

That said, the last root.txt troll was a bit “much” in my opinion. The other “trolls” were pretty legit, though. Otherwise, I learned a ton from this one. ■■■■ sure couldn’t have done it without a couple guys teaming up with me but the deed is done and just in time for the new box being released in ~1hr.

Good ■■■■ guys. Thanks for the ride.

@MisterBert0ni said:

@Xentropy said:
Am I daft? I’ve enumerated both sites both with custom wordlists and more “standard” ones but I still can’t find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?

This is a type of insecure file upload related to extracting files from an archive.

Haha, and all this time I figured it was my enumeration failing. Thanks. :slight_smile:

Edit: got user! If you see the user.txt troll keep enumerating! You’re not far away.

On to root…

I’ve been poking around at the upload, however not finding anything unusual yet with an archive.

Actually, where is root.txt? I rooted go* * server and I got ao**r*-**p.7z. Any hint? :frowning:

Edit: rooted.
Thanks @0xRick @moxic @cyberus @JonnyVTMRF
I learned a lot.

Rooted! And I learned a lot on this one. Thanks, I hate it.

“You’ve done well to come upto here human. But what you seek doesn’t lie here. The journey isn’t over yet…”

40 points huh?

Feel free to PM if you need help :slight_smile: !

Hello, I tried to crack the HTTP auth on the high port without success.
Can you help me please?

Need help on user. I’ve tried to enumerate the port and the website. I got se****.**p and tried to log in as user with the information mentioned, but failed. Got the upload, but the files could not be found. Used different wordlists with different extensions on dirbuster, but no more useful information. What should I do further?

Can anyone assist with root.txt? I’ve found some things in an archive, nothing has worked so far. Not really too sure where to go from here :confused:

Hi guys, I am enumerating every single directory in both of the services. Any hints about which list I should use?

Can anyone give me a tip for rooting the second box? I have root on 1 and 3 and have been enumerating everything, but I can’t seem to figure out the next step.

I think I am very close to user. I have an SSH shell,
but I can’t read the Im*****t.pdf file,
and I don’t know how to download it. Please, if anyone knows, tell me.

Finally got root.txt. Great job @MinatoTW & @egre55 that was brutally good. I needed some assistance along the way but I learned probably 4 solid new things during the process. One thing though, this box feels like it should be worth like 80 points after that war I just went through, it is definitely worth taking this box to the end though.

We’re glad you had fun!

@backspace said:

Looking for root… I found the g*** UI… do I need to brute force?

Edit: NVM, no brute force required, the answer is within you…

Anyone with some guidance on this one? I’ve been looking inside-out and can’t for the life of me find anything credential related, only guts&gore inside me :slight_smile:

I have an SSH shell,
but I don’t know what to do next to get user.txt.
Please help, PM.

Hello, I’ve been trying my luck at this box for a couple of days now and I have some hints, but I don’t know how they relate to each other nor where to “use” them. Could someone PM me a hint? Thanks!

I would appreciate it if you could help me with the passphrase. PM.
For 2 hours I couldn’t find it; I tried, but was unsuccessful.
I found it, thanks for the help.