Craft

Nice Box!!!
I learned a lot :smile:

At the risk of being retarded do we need to break out or pivot? I can see the myl server but it’s running a version that’s incompatible with the client that is installed in Kali. Is myl a rabbit hole, or is that the right direction?

EDIT: NVM, I was retarded. rooted. I really liked this box. PM if you need a nudge.

One of my favorite boxes; very real world applicable. No need to dig around too far if you’re stuck in jail; find what could resemble the key, go back outside where you started and try again with something new.

Feel free to DM for hints. ?

Need a hint to escape jail

You don’t need to escape the jail. Just find a way how to deal with that(cred).

Still searching for root :tired_face:

User was a slog, really well put together and somewhat realistic. Once you get your foothold, you may need to alter something you have in front of you to get more… bit vague but it’ll make sense when you do it ?.

Root is kind of simple once you check the help of that program and the information used to set it up.

Great box.

Rooted. Very fun box. Thanks @rotarydrone for making awesome realistic box :slight_smile:

Almost passed out on this. Thanks a ■■■■ lot @sayanthanpera and @EnDeRuCn
Intuitions are most of the times logic.

Really enjoyed this box. No bruteforce or meaningless guessing is required.

Hint for foothold:
Enumerate a lot. Maybe look at older versions, commits and issues. Should give you a good start. From there, more enumeration. Explore what you’ve found, and you should find something which should help you gain root.

Hint for root:
Use the info you’ve found. Look it up, read the documentation, and you should get root within no time.

Real fun box, probably one of the best.
While root was kind of easy, I still learned a lot!

I read the official docs for the tool to get root, but I cannot get ANY information out of it.

enum enum enum.

That’s all. Rooted.

Thanks for maker.

ok i have the credz for the db, cant seem to find a use for them though.?

Got root, thx to sayanthanpera for the nudges. Now I again feel like an idiot.

Today i gotta an user on Craft and still fighting with root.
If you want help with user or root - just PM me.

Edit: Succesfully rooted with @Leonishan help! <3

Wasted too much time trying to pivot xD everything’s easier than it seems. Feel free to PM if you get stuck

Nice box, congrats @rotarydrone

I am giving some hints:

  • User : After enumerations and accessing some interesting place, try to analyze the code, you can find some weaknesses that could let you take advantage. There are things that should never be used with the user input :wink: Thanks to @Kucharskov to save me from a AFK brain after spending too much time enumerating for nothing :tongue:

  • Root : It was fast, after a bit of analysis of what you have, you will find fast how to take advantage of it.

PM if you need some hint.

Pretty cool box, root could have been better though :/.

PM me if you need some help :slight_smile: !

Wow. Amazing box. Really enjoyed it, even the rabbit holes :smile:
Congrats @rotarydrone

Type your comment> @Angel235 said:

Wasted too much time trying to pivot xD everything’s easier than it seems. Feel free to PM if you get stuck

Tell me about it. I wasted hours trying to pivot and I finally had to step back. I literally wrote that down in my notes like this:

So, I’m going to just assume after I spent hours trying to pivot into the network that I’m missing something and I need to go back.

:neutral:

I really liked this box. Thanks to @rotarydrone for putting it together. If anyone needs a nudge just drop me a PM.