CTF - Machine

Am I right in thinking you can’t get the token with a single request and that doing it by hand might lead to carpal tunnel?

@0xEA31 Thank you for a really fun machine! Really taught me a lot about a specific technique I had almost no experience with prior. The root flag was very easy by comparison but a nice blast from the past to be sure. :slight_smile:

My hints:

User: The comments really are telling you everything you need to know for every step. Seriously try to understand how the underlying technology might work – it’s not a complex setup, it’s just a very precise thing so you need to be exact with your input or it won’t work.

Root: Man up. :wink:

I could use a nudge here. Is the hash meant to be cracked? I reverted the machine, and the hash is the same. I’ve run hashcat for around 6 hours with the usual wordlists, custom wordlists, weak masks, etc and gotten nothing. I’ve “attr-busted,” bruteforced uids and gids, and more looking for a hint. Did I miss one due to matching rules, or is there some filter magic to search another OU or what? Do I need a different ssh client or config? This is hazing.

I was looking on this thread for some direction on this box and I spent so much time reading the argument. That is really frustrating to me considering I am already frustrated with this box. I would appreciate some pointers on enumeration techniques considering the box is blocking any form of brute force.

I’m gonna try & be discreet. Less than 300 pwns, difficult box, don’t really expect much chatter, but it’s retiring, like to have some fun before it does. I’ve got stoken, & token, I’ve got my clock adjusted, I’ve got my injection )* & such (censored). Results the same as usual.

EDIT: NEVERMIND! I got the ok! Woohoo!

Wow cool, cmds!

@killallwebdevs said:

> I could use a nudge here. Is the hash meant to be cracked? I reverted the machine, and the hash is the same. I’ve run hashcat for around 6 hours with the usual wordlists, custom wordlists, weak masks, etc and gotten nothing. I’ve “attr-busted,” bruteforced uids and gids, and more looking for a hint. Did I miss one due to matching rules, or is there some filter magic to search another OU or what? Do I need a different ssh client or config? This is hazing.

I think you need a different ssh client. I’ve been screwing around as the Apache user, because I didn’t realize the MD5 looking password was a password, & didn’t need to be cracked. HA! Gotta love it when that happens.

Wish I didn’t have appointments today. I see CTF at the top of Login :: Hack The Box :: Penetration Testing Labs so I assume it’s retiring tomorrow? If anybody can help me with the backup script cron, I thought wildcards gone wild applied, but not so much anymore.

Edit: I see the bash version now. Duh. Time to be creative.

Edit: nevermind. Lol.

@Zot said:

> Wish I didn’t have appointments today. I see CTF at the top of Login :: Hack The Box :: Penetration Testing Labs so I assume it’s retiring tomorrow? If anybody can help me with the backup script cron, I thought wildcards gone wild applied, but not so much anymore.

No, Querier is retiring apparently; maybe next week

That makes NO sense to me. Querier is a newer machine. I thought the oldest was always the next for retirement.

This box is very annoying. I am stuck on the OTP. I have the token, I have changed my time several times, but yet it doesn’t take my information. I have the correct username also, to my knowledge.

Nope I was able to get it, thanks @sh13ld

Is there anybody willing to lend me a hand on the root privesc by any chance?

Edit: Rooted! Thanks @0xEA31 for this awesome box, and Thanks @Xentropy for the final push!

Stopped at the login page. There is some protection mechanism on the directory service, general injectable characters are filtered. No idea about how to inject. Any suggestion?

Hi guys, could someone give a nudge? Stuck on the login page. I know what I have to do, but I can’t find the right payload to bypass the login.

Soon the machine will be retired.

Got user after fighting with this for almost a month!

And then rooted within an hour after :lol:

Great box @0xEA31, you stumped me for quite a while :smile:

Hi, I am having a problem with the CTF machine. I was able to get the stoken token from the machine, but while trying to generate the OTP, it keeps saying stoken expired. I followed different walkthroughs, including the official walkthrough, but it is still not working. Almost 5 days now. Need help please.

I am facing the same issue. Any luck on this?

No luck

I don’t know what to do, but I see from the machine activities, some are rooting it, it’s amazing. Are you on Discord? Let’s meet.

I am still facing the same issue, stoken keeps saying token has expired.
Have you got any solution for this? Please help, man :frowning: