Chaos

I adapted the /e,/h,s file to link to the IP, however browsing to c,.h,:80/ does not load in my browser… curl gives me an answer after like 5 minutes… super weird… 10.10.10.120 gives me the “no direct ip” instantly. Similarly for /w,/ I get the listing, but accessing /w,/w,s/ the page keeps loading indefinitely.

Is this server broken, or what might I be doing wrong? :confused:

just got root.
I really liked it, these kinds of boxes are my favourite.
Lots of different tools and techniques, not too hard, and not too easy.
Learned some new stuff too, and explored some new tools to put in my belt.
If you need some hints (it’s still some time left before it retires), feel free to DM me.

Update so far - It is as obvious as I thought coming back to it and help from some people, I have yet to get user or root on this one though - I feel like I need to do more for my CTF boxes as I’ve been dreadful on this one.

Wow oh man, I got it root. That was crazy.

[USER]
Harder than I thought. Thanks @fjank for that help.

[ROOT]
Seen some hints are here that point you in the right direction. This part was easier for me than user. Do some googling and remember whose directory you’re in :wink:

DM me for hints.

Need help getting a reverse shell. I know what commands are blacklisted, listed the binaries installed on the machine so I know what command to send to pop the shell, but how do I run the command?

I can write to files, run a command and save its output to file, but I don’t know how to trigger my shell.

*EDIT: Never mind, got it! Just trying to get root now.

I adapted the /e,/h,s file to link to the IP, however browsing to c,.h,:80/ does not load in my browser… curl gives me an answer after like 5 minutes… super weird… 10.10.10.120 gives me the “no direct ip” instantly. Similarly for /w,/ I get the listing, but accessing /w,/w,s/ the page keeps loading indefinitely.

Is this server broken, or what might I be doing wrong? :confused:

Your browser probably loads that file on startup, restarting it should fix it!

Just finished enumerating this one. I can see that there could potentially be a lot of rabbit holes. I guess that is the point, to determine what is valid and what is a total waste of time. Being lazy, I may not spend too much time here unless w*******s reveals anything.

Got some c***s but I did it manually and can’t get my tools to automate it, anyone want to pm me if they got this in an automated fashion? I’d like to learn for future.

I am stuck on escaping the rbash section. I have read all the comments and tried to perform every escape with no luck. I was however able to read the user flag without escaping rbash so there is that.

If anyone could PM me with a hint on escaping rbash that would be great.

@yunolikeme1 said:
I am stuck on escaping the rbash section. I have read all the comments and tried to perform every escape with no luck. I was however able to read the user flag without escaping rbash so there is that.

If anyone could PM me with a hint on escaping rbash that would be great.

Yeah my hint to this:
rbash cut off your legs(cd) and took out one of your eyes(ls) :frown:
but you still have one other eye… one that can see the true PATH…

too obvious?

totally stuck on the l***x page. shooting blanks with my friend Sebastian’s way. PM?

EDIT: Never mind. got shell after hours of head banging. Try harder I guess

For those of you stuck in rbash: it won’t help you escape but could help you to know that you can list files the usual way you would in Windows.

Stuck on the p** maker page. From reading comments, I see this is where I can get RCE, but stuck for days. Anyone PM me a nudge? A hint is preferred, not a spoiler. Thanks in advance.

**Edit, got to restricted shell. Yay.

Once I got the limited shell, I was able to get user pretty quickly. I really think I didn’t use the common method, please message me with how you escaped rbash and I can share my method.

Can someone PM me a hint for the initial creds?
I can’t find them after multiple enumeration.
Found multiple locations to log into, but no creds.
Also found that w*******s.

Last day and I made it! Put all my effort in here. Been days to gather ideas to get the shell. After that, it is more or less “easy” to root.

Have fun with this box.

For those of you trying to get this before it’s retired, hit me up for nudges, I am more than willing to help.

I was going to give up on this one but now I am hooked.

just got root :slight_smile: fun challenges! getting an initial foothold is harder than getting root haha. hit me up if you want a hint <3

@felamos said:

you like it, thanks!

Me, too. Would appreciate any hints on the used frameworks or tools. (Can’t access it any more without VIP to have a look myself)-:wink: