LaCasaDePapel

That’s a lot of work for a 20 point box…but i enjoyed…
Ping me if you need any hints…

Finally got this one. I learned something new here every step of the way, great box.

I’ve got the key, I just need help with the openssl part. Can anyone PM me on getting a valid cert?

Was a fun box. especially they keys made me look into some new things :slight_smile:

Now I can’t seem to get the reverse shell to work inside mem

Rooted, root priv esc was far easier than user for me.

Shout out to @p3tj3v for helping me when I turned stupid.

Happy to help via PMs, especially if you’re struggling with the cert rubbish like I did.

Anyone who can PM me a nudge on how to get c*.k** from $t***o. I can see the code but dont know how to proceed.

Thanks

Edit: Got it thanks to @heXd

rooted. learned something new for user AND root. Thanks to all for the help along the way!

I had everything perfect for root and it still wouldn’t go, after reset, everything worked fine and I’m even on VIP. So give that a shot if you’re stuck on root and you think it should be going but it’s not.

I am stuck in the back door. Looking at the $t***o. I kinda understand what I am looking at, but not really sure how to call the function or make it work in my favor. Any hints would be awesome.

I managed to nab the user.txt after popping FTP and getting to HTTPS, but haven’t got a useful shell like sh or bash… seems like PHP and Node.js are tightened down from spawning one, but I’m probably missing something. Hints welcomed :slight_smile:

EDIT: Got the shell. If you can read certain users’ files, why not pull the files that let you login?

can someone give me hand please. I have used backdoor to get myself details and then generated ct, i can access through https, and look through lfi, worked out hot read files in p*** but i am missing something to get a shell. assistance welcome,

can someone help - I have the stupid shell and keys but I am stuck there… anything would be great thanks.

Type your comment> @Demonseed74 said:

can someone give me hand please. I have used backdoor to get myself details and then generated ct, i can access through https, and look through lfi, worked out hot read files in p*** but i am missing something to get a shell. assistance welcome,

You might want to check some user folders to see if there is something interesting there…

Type your comment> @L33tVars1ty said:

can someone help - I have the stupid shell and keys but I am stuck there… anything would be great thanks.

Which stupid shell and what keys? Can you access port 443 yet?

pls hints for root :confused: !

Any hints for root? I altered m******s, but it runs with -u ny…

^ got root, thanks @ghost0437

Got root. Feel free to PM me for hints.

Hi, i’m struggling a little bit finding a way to use $t****, I know that I can use it to get c*.k* in order for me to get a .p** but I don’t know how to work with $t****, any hint ?

Type your comment> @NeoBox said:

Hi, i’m struggling a little bit finding a way to use $t****, I know that I can use it to get c*.k* in order for me to get a .p** but I don’t know how to work with $t****, any hint ?

Never mind, I just got it