LaCasaDePapel

restart firefox.

I’ve done it already @bbdog firefox tells me that the certificate still expires in 2029 however my new certificate expires in 2020 normally

Can someone help me with the p**.sl please? I have managed to work out how to change directory but cant for the life of me read it. Just can’t do it, i can navigate, glob etc but im stuck. I’m literally staring at user.txt but…can’t read. Also wtf with $t*

Even if you want to PM me a webpage with a list of commands that will do what i need. ty

learn little bit of php

Just got root but not sure how I did it :unamused: My apologies to the user on whose coat-tails I rode in, since I’m pretty sure I messed you up for a minute there.

Edit: if anyone would like to let me know via PM exactly what triggered my shell, that’d be nice :slight_smile:

Type your comment> @mimo said:

I managed to get the certificate working after a few tweaks.
Got to the private area but found no LF*. However I can’t use any dirbusting tools due to the fact the box checks the cert for every request. a nudge in the right direction is appreciated.

check LFI manually :wink: is in front of you . you understand how file mechanism works and use this to your advantage.

Looking for a little nudge on user please

Can’t get persistent access or to read user.txt - sure I’m just missing something simple

Rooted

Well I should say that the certificate part was the hardest in this box especially if you don’t know how to make one. But definitely a fun box. Learned a lot :+1:

There’s a lot of people to thank, you know who you are :smile:

User: observe the download links, if you look closely then it’s a matter of time before you get what I’m saying. You can also get something useful in a famous europe city, in which you will use to get in. Be quiet tho “Sshhh”

Root: everything is there. just know directory/file permissions

Type your comment> @TGZed said:

Rooted

Well I should say that the certificate part was the hardest in this box especially if you don’t know how to make one. But definitely a fun box. Learned a lot :+1:

There’s a lot of people to thank, you know who you are :smile:

User: observe the download links, if you look closely then it’s a matter of time before you get what I’m saying.

Root: everything is there. just know directory/file permissions

That was all I needed, thanks for sharing and gratz on the root.

Was able to get user shell and see the vulnerability right in front of me, but am unsure how to exploit it. Any nudges?

Will be hanging out on: webchat.freenode.net channel: lacasadepapel or DM me please

anyone got any hints pm me on HTB main site same username thanks

Could someone give me hint on creating cXXt? I got OpenXXX, filled in data mirrored from the public, yet, can’t get it work. (Dali-error)
Got the code from the Asian city, changed the bits, date etc on the cXXt-creation, but still…
What am I missing?

I created my certificate and got acces through https, but now I´m stucking.
Can someone give me a hint, what I have to do with the download links, please?

Hey,

Can I get any hint about creating a correct cert for the port. I have the c*.**y file and tried using same O, FQDN and Timestamp to it and still doesn’t work.

Edit: Rooted the machine. Definitely the user was harder than root. For user: Try different things and read. read and read documentation about it.
For root: I went for the hail mary and couldn’t believe it worked. It’s that simple and it’s on plain view.

Type your comment> @lichshot said:

Hey,

Can I get any hint about creating a correct cert for the port. I have the c*.**y file and tried using same O, FQDN and Timestamp to it and still doesn’t work.

Check openssl ‘man’

Rooted, great box !

Enumerate and use the loot wisely, over thinking it cost me time.

Finally rooted, thanks @TGZed for the nudges!

Rooted, didn’t really like this box much.
Way too unstable.

Kind of need a nudge for root. I’ve found a certain .I**-file in a home directory containing “good” information. However, I cannot run that line as my current user. I’ve been thinking about changing the contents in this file, and went back to bd*, but permission denied…

Is there another place which allows us doing this editing? Please give me a nudge :slight_smile:

Type your comment> @east said:

Was able to get user shell and see the vulnerability right in front of me, but am unsure how to exploit it. Any nudges?

Will be hanging out on: webchat.freenode.net channel: lacasadepapel or DM me please

I’m the same. any good advice?

I checked the file permission but I can’t see where to go …
some knowledge is missing here just don’t know what…