Craft

Real fun box, probably one of the best.
While root was kind of easy, I still learned a lot!

I read the official docs for the tool to get root, but I cannot get ANY information out of it.

enum enum enum.

That’s all. Rooted.

Thanks for maker.

ok i have the credz for the db, cant seem to find a use for them though.?

Got root, thx to sayanthanpera for the nudges. Now I again feel like an idiot.

Today i gotta an user on Craft and still fighting with root.
If you want help with user or root - just PM me.

Edit: Succesfully rooted with @Leonishan help! <3

Wasted too much time trying to pivot xD everything’s easier than it seems. Feel free to PM if you get stuck

Nice box, congrats @rotarydrone

I am giving some hints:

  • User : After enumerations and accessing some interesting place, try to analyze the code, you can find some weaknesses that could let you take advantage. There are things that should never be used with the user input :wink: Thanks to @Kucharskov to save me from a AFK brain after spending too much time enumerating for nothing :tongue:

  • Root : It was fast, after a bit of analysis of what you have, you will find fast how to take advantage of it.

PM if you need some hint.

Pretty cool box, root could have been better though :/.

PM me if you need some help :slight_smile: !

Wow. Amazing box. Really enjoyed it, even the rabbit holes :smile:
Congrats @rotarydrone

Type your comment> @Angel235 said:

Wasted too much time trying to pivot xD everything’s easier than it seems. Feel free to PM if you get stuck

Tell me about it. I wasted hours trying to pivot and I finally had to step back. I literally wrote that down in my notes like this:

So, I’m going to just assume after I spent hours trying to pivot into the network that I’m missing something and I need to go back.

:neutral:

I really liked this box. Thanks to @rotarydrone for putting it together. If anyone needs a nudge just drop me a PM.

That was one ■■■■ of a box, incredibly fun.

Hi everyone, I’m stuck, I found the creds, i found the vulnerability , but i can’t exploit it, i sent a wget and it works , but i can move of that point

I managed to get RCE, but my reverse shell keeps closing immediately. Any tips? Thanks in advance.

Type your comment> @GoatPrime said:

I managed to get RCE, but my reverse shell keeps closing immediately. Any tips? Thanks in advance.

Same here, please give me some hint on PM. I’ll appreciate it.

This was a fun box, I loved the realism. Happy to provide hints if anyone needs them. :slight_smile:

Wow, I didn’t see any flags. what’s is this

User was interesting and realistic. Learned to not do those things late nights, you will miss alot of important things (i.e the reason for the initial foothold).

I understand what I should do to get root, but I keep getting that a certain key is invalid… Guess i need to dig through the documentation a bit more.

Rooted! thanks for @lxiion for the hits with user

PM if you need a pointer

Rooted yesterday.

User was pretty straightforward. Just follow the breadcrumbs, everything you need is in front of you.

Root took me longer than I expected, because the documentation for the tool is pretty dense and I was overthinking it. Took me a while to really understand how/why it works.

Feel free to PM for hints.