LaCasaDePapel

@z3255859 same problem

I’m stuck at the p** shell. I’ve found the code for $t**** but I don’t know what to do. I will appreciate some hints.

Type your comment> @HackSh00t said:

I’m stuck at the p** shell. I’ve found the code for $t**** but I don’t know what to do. I will appreciate some hints.

Pm me…

Could anyone give me a nudge for root?

hi all can someone pm which character keeps crashing the service?

Rooted. Enjoyable box. Possibly my favorite.
It’s easy to overthink this one. There’s a reason it’s rated easy. If it’s looking too complicated, you’re overthinking it. Go back to basics.

My hints (HTTPS way):

User: Enumerate! In full. All ports, all services. You’ll obtain some loot. Save it for later. Next, as mentioned before, there’s an old door. Knock on it and it should let you enter. You’ll be greeted with a message. If you know what it is, great! If not, google it. Talk to it in nice, simple terms and you’ll be presented with a gift from a far eastern metropolis. Analyze it! Even if you don’t understand its function, focus on what you do understand. Read it line by line. It’s giving you a massive hint. Also, some more loot is obtained here. Use that loot and the loot from earlier to get to the right page. Once there, find out what you can get, not what you can do. Again, stick to basics and you’ll get what you need.

Root: Easier than user. It’s right in front of you once you’re inside. Don’t confuse yourself by over-analyzing it. Think how you can make its job work for you. Again, stick to basics.

I hope I haven’t given away too many spoilers.

Finally got root on this box! Took a lot longer than I thought it would, but happy i got it! Definitely learned A LOT from this box, so thank you @thek for the box.

PM for hints :slight_smile:

I’m stuck at the p** shell. I’ve found the code for $t**** but I don’t know what to do. I will appreciate some hints.

PM for Hints !!!

any hint for root ? I got ssh shell… and stuck :frowning:

hey guys,
i have generated my .c** using the server’s c*.*** and .c** then converted it to .**2, i have double check both details and both are as close as each other’s, imported it, yet it giving me the same certificate error

can anyone help please !!

@anonymous187 said:
hey guys,
i have generated my .c** using the server’s c*.*** and .c** then converted it to .**2, i have double check both details and both are as close as each other’s, imported it, yet it giving me the same certificate error

can anyone help please !!

NEVERMIND!! had to refresh stuff

I just found a way for user. need some help, can anyone hint what is username for this machine? like after /home , under what name is user flag?

Im on VIP server and my nmap scan has gave up on a port and is 70% through after 14mins…

Is that normal for this box? surely not

Finally able to get root :slight_smile: thanks to @chrisx87 and @AzAxIaL .

Root! Was a long trip.

Thanks @amra13579

Type your comment> @blink3r said:

Finally rooted!
Nice box, learnt a lot on SSL client server certificate mechanisms.
My two cents are the following.

Initial foothold
Opened services are there for something… so focus on what you can grab from each service and find an old open door.

User
Once you find the old door, you are invited to play with OpenSSL…so give it a try. Once you managed to correctly authenticate yourself…basic hacking and user is yours.

Root
Just tell the machine to do what you would like her to do.

Cheers!

thats the worst hint i have ever read in the entire forum.
I dont understand why people write these comments here anyways.

Anyone else have trouble getting p**y running on this box? I’ve got an ssh shell but nothing happens when I run the script. Is this a limitation of ssh? A busybox thing?

managed to nab id_*** via LFI under the user b****, I figured I’d be able to get past the password auth when trying to connect using s** with this file, but no matter what I do, I can’t seem to get around it? i’ve tried to chmod 600 id_*** but no dice

Hey guys, please could someone drop me some advice on where to go after $t******. I imagine it requires me to make an S** cert but i’m not really sure how i’m going to do this on a p** shell

Type your comment> @austin69 said:

managed to nab id_*** via LFI under the user b****, I figured I’d be able to get past the password auth when trying to connect using s** with this file, but no matter what I do, I can’t seem to get around it? i’ve tried to chmod 600 id_*** but no dice

Maybe it is not meant for the same user you are talking about!!??!!??