This is one of the few boxes that I will comment on. Pretty sweet ride. Took me more hours to complete than I am willing to admit. This is not a typical CTF-like box. Think more of a real-life scenario, with real developers, maybe making mistakes and whatnot.
I went down a really deep rabbit hole in the beginning. Gaining a shell that I think I shouldn’t have been able to. I thought that was it, I got root and everything but then, where is the user/root.txt? Dammit, such a fool.
Most of the important stuff is in the gogs. Go through everything. I do mean EVERYTHING. It is not that much anyway.
After that you should be able to get USER.
For root just go through the machine that you have just gained access to; the purpose, the services running, do your enumeration thoroughly. You should check for left over stuff as well.
hint: One of the files will unlock every secret you need.
After suffering for some days on this box, I was able to obtain user.txt. Special thanks to @Kucharskov for the time taken to explain a few concepts to me to understand how to proceed with the vulnerability.
From here, I will continue to root, but if someone needs some help please let me know.
PP
EDIT: Got root. After reviewing the hints on the forum.
Oh boy, this has got to be my favorite box so far. There are lots of steps, but it’s very straightforward and you probably have already found your next step before you know how to use it. In my years as a developer I’ve seen how common a lot of these mistakes are, so it feels very real.
User: You should have easily found an issue with the code you have access to, it’s a shame no one hardcodes credentials anymore… but they do reuse passwords.
PS: If you’re having trouble exploiting the code, try it locally. And after you’re in initially, don’t overthink it (like I did) and start reading up on technical exploits to escape your situation; you will probably find quickly what to extract from that experience, you just need to find a way to use it somewhere else.
Root: Your initial enumeration should have shown you something interesting, then it’s just a matter of understanding how to use the tool that you have a way of authenticating to allow you to use that interesting thing.
Got root. Huge thanks to everyone who helped me. A super enjoyable box even though I had an unusually difficult time catching a reverse shell.
I think there are plenty of hints already, but I’ll add a clarification:
People are mentioning ‘going back to the beginning’ and I was attempting to do this too early (thanks to rev shell issues). You must have a shell that you use to enumerate further. THEN step back.
If you are also struggling to get a shell callback, shoot me a PM. I’ve probably gone through the same problem.
Well crafted box! Enough clues to lead you around and pays off in the end to read things. Lots of fundamental stuff to learn here for many, but not so tedious to be (overly) frustrating.