Fortune

Finally rooted.
User: Fuzzing is very easy but a bit tricky. I did not think in that way at the beginning :wink:
Root: What B** tells you is the key.

any hints for “be the one you want to be”? i am looking at the flask app code for ssh key generation and also see the remote select command in ssh debug mode… can’t connect the dots :cold_sweat: :smiley:

So I think I’m missing some piece of the puzzle for root…

I have my own custom script to decrypt the hashes, but I’m getting garbage text as output. I’ve tried various things as keys, but nothing seems to work.

The only thing I can think of is the storage directory in the appsrv dir, which is only readable by b__. Is this important for this? If so, how do I log in as b__? I have S__ for c*****.

user was too easy, got it in almost 1/h or 1.3/h.
if you needed help, PM me :slight_smile:

Root Here I come.

Hey guys, I am stuck at root. got some hashes from pg*****.d*. but can’t decrypt team. anyone willing to help, please PM me.

Great machine, I really liked it. A bit confusing the retrieval of the root password, but rest I enjoyed it.
Tip for root.

Not always a Key is called Key
Also you just need the p****.d* file on your machine and a bit of python fu. Installing the whole app is absolutely a waste of time.

Great machine, although user was a bit too easy, but very fun…

Need Hints PM me.

I’ve got user, and I think I’ve got the info I need for root. When I run the appropriate function I get unreadable text out. Any nudges?

I’m having no luck finding the “RCE” bug. If someone could PM me and help out I would appreciate it. I’ve got some usernames and enumerated all services I think, but I must be missing something obvious because I don’t see any way at all to get the remote machine to do anything.

Edit: Oh thanks, I found the bug :slight_smile:

For those struggling with root, what helped me was going to github and reading the source for p***n. No cracking required, no need to install locally. I did copy bits of source code to run locally. Make sure you have the hint from B in hand first.

Feel free to PM for hints.

i’m got root, but i don’t understood : why key is hh? i think that i needed p****d

Can any one help me where can i start ?

Nice box, made it way to difficult for myself on the root part xD

Hi Folks,
Need your help. I managed to get login to the lower port via ssh as nf*r. Trying to mou but failed with an error as “failed admnistrator”. COuld you please help me with some documentation for the same.

Type your comment> @pawanjswalhtb said:

Hi Folks,
Need your help. I managed to get login to the lower port via ssh as nf*r. Trying to mou but failed with an error as “failed admnistrator”. COuld you please help me with some documentation for the same.

Are you using sudo and/or are you root on your own machine?

I got user, but cant seem to find this thing everyone is trying to decode, anyone wanna nudge me in the right direction?

Type your comment> @mech said:

I got user, but cant seem to find this thing everyone is trying to decode, anyone wanna nudge me in the right direction?

In the home of the user, there’s another file. It’s contents tell you what you need to look to start.

I’m in the next step… Think I have the things to decrypt, but can’t find the encrypting algorithm… If someone can help, would be appreciated.
I tried to crack’em with john but no luck either.

@ompamo

I have seen the file with the hint, and checked out the thing it’s referencing on the other port, but I can’t seem to find the hashes everyone is mentioning.

Finally rooted, thought I’d give it a try after going through the active easy boxes. Learnt a lot, especially as web isn’t really my thing. Interesting box that I enjoyed a lot. Thanks for all the forum hints, they really helped!

rooted. What a box @AuxSarge !