Writeup

I think I found creds but I'm not too sure, but if anyone could help with cracking the salted hash it would be very much appreciated

Just Rooted! Big thnx to @albertojoser for his amazing help and explanation! :smiley:

Just rooted :smile: Feel free to PM if you are stuck to give you a nudge

Rooted!

Thanks @env @Almadjus

User: Try to find a common file in webservers, usually associated with privacy / security of the site. After that, if you did not find the exploit that was quoted by other people, it’s wise to check if your exploit search program is up to date.

Root: Monitor processes closely while generating traffic to the machine (if you are a VIP). Pay attention to the action that is triggered by this traffic.

If you need help, feel free to PM me. :bleep_bloop:

Finally got root, a big thanks to @godzkid. I got the root in the easiest way. If anybody needs help feel free to PM me.

user owned, onto root!

@mab said:

Got my 20 points for this fantastic and realistic box. Thanks @jkr for the work <3

User part is quite easy with the right exploit. There was mentioned a very handy Firefox extension that helped me to enumerate the needed information.

Root part was extremely tricky for me. I fell in so many rabbit holes. But thanks to the hint from @1NC39T10N I was able to get back on track. His/Her nudge is very handy if you are on a VIP box.

@1NC39T10N said:
Root is tricky to find if others are not on the box IMO. Use the tool already mentioned
to monitor processes, but generate traffic to the box while this is running using the VERY
last step needed to get user. Observe the process, and consider how to leverage.

A very big shoutout to @Almadjus who helped me when I was completely stuck in the rabbit holes and reminded me to double check the things.

Many Thanks Mab for your support!
Is there another way for rooting other than the one described here? I found it CTF like, how the first one linked the monitoring processes and the trigger!

Awesome root. Very sneaky.

Finally rooted! Sneaky logic! But when it strikes you, it’s a eureka moment! Thanks to @0xskywalker @b0ne. Ping me if you need a hint!

writeup_root

found the username and password r********9 and still no login to a****
any hints?

Thanks @jkr what a great box. Thanks to @albertojoser for the nudge

@th3location try another service to login :slight_smile:

I just got the user flag. If anyone could help me with root that would be awesome

Could someone please give a hint? I found the wr*** page but I don't know what to do next. I also found the cm*** but I can't find anything about it

@b055 said:

@th3location try another service to login :slight_smile:

Thanks @b055 : ) classic miss!

Moving to root…

Hey all, I've got what I need for user. Can I PM someone to discuss how this exploit actually works?

Rooted, thanks to illuminatiguy for the little nudge.
Root for vip users. ssh sessions for the win

@MRwatch0xff said:

Rooted, thanks to illuminatiguy for the little nudge.
Root for vip users. ssh sessions for the win

Any recommendations for how to proceed as vip user? I see no traffic in monitoring…

@th3location said:

@MRwatch0xff said:

Rooted, thanks to illuminatiguy for the little nudge.
Root for vip users. ssh sessions for the win

Any recommendations for how to proceed as vip user? I see no traffic in monitoring…

If you can’t see the traffic from someone else, create your own, just ssh from a new terminal :wink:

@R3S3T said:
Could someone please give a hint? I found the wr*** page but I don't know what to do next. I also found the cm*** but I can't find anything about it

Look for open source exploits for the cm*** hint, it’s related to S** In****