Smasher2

Disappointed with the root, looks like the author copied the second stage from somewhere without modifying it at all.

Stuck here trying to brute force web links. Is there any special kind of tool or reading required to get moving on this box? I only have the /b***** directory.

Finally rooted. Very fun box!

I can’t find any way to root. I have tried pretty much any standard procedure. Could anyone enlighten me? Thanks!

NVM, rooted! Awesome box.

EXTREMELY disappointed. I rooted it a couple of hours ago since the whole script is online… I then moved on to trying to root it with some unintended method, so I actually felt like i deserved to root the box… the whole thing was enumeration and copy/pasting ■■■■■…

.

.

where is my badge? :frowning:

Type your comment> @tabacci said:

Two hackers compromised this box, and one marked it as very hard while other marked as very easy. I wander why some people mark very hard boxes as very easy? What does that mean?

Obviously it could not be really very easy. How is it possible to spend several hours for researches and say that it was very easy?)

Well to say this it took about 1 hour 19 minutes to get the password cracked than it took me about 10 seconds to spot the hole in the python code for A**h.*y I am not trying to sound like an ■■■ but the hardest part about that was the blacklist bypass and again that took a team member literally 5 minutes so the reason 1 rated it as easy is simply it is

the root jesus i’m bashing my head off a wall that i wont profess to know ■■■■ about yet

but we obv didn’t do it at once we went to bed so we didn’t go for blood and its 60 days plus i’m just stating besides the htauth mess this is by no means a 7 hour to user box like i said we did it in roughly 2

Can someone help with API key. I think I manage to write correct “job” so that it can bypass WAF… and now I’m stuck at API key :frowning:

This might be weird, but is the landing page supposed to be the default Apache page? I already discovered b***** and emulated my copy of a***.** using a docker image. My setup provides me with a session token, which I have yet to experience the web-server give me one.

Could somebody give a hint for root?

dunno lol

fun box, learned a lot, thanks @johnnyz187 for the nudge on user

looks like the box has changed since it was released, there’s no brute forcing required to get the b***** files

for user, running the b***** files locally will help identify a problem that can be combined with some intelligent guesswork. (turns out I’m not very good at guessing.) then some more work to bypass a filter (hints already in this thread).

for root - enumerate where you might not normally, then research what you find online. i found this part to be easier than getting user.

easy :slight_smile:

Look what we have here. I’m glad the bruteforce part was removed

Did anyone do user the intended way? I couldn’t find the “real” vulnerability. Would someone enlighten me? Disclaimer: I rooted the box.

Segfault is killing me! xD

I’m ashamed to say that I might need a nudge on user. I have tried everything I could think of but have been unable to crack the beverage container.