Kryptos

Can really use someone’s help on getting a shell on this box. I feel like I’ve tried everything. If I can dm somebody, that’d be great.
Also, dm me if you need help with bypassing the login page.

Wow, what a ride :slight_smile: very very nice machine, learned a lot. Thanks @no0ne and @Adamm for the work here.

  • User : All you need is in the login portal. If there is some parameter that is working strange, investigate what is that field and the response given. After that there are interesting tools that would give you some extra information. The process until getting user is long but it deserves. Thanks a lot to @NPCMaster and @farbs for helping here.

  • Root: This is a tricky part, I had the solution but lost a lot of time because it worked sometimes. Now I understand why :tongue:

Never been stuck for the very initial step for so long on a machine… and despite the errors I can google, no idea how to bypass the login.
I know this machine is prolly beyond my current level, but so many people say it’s awesome that I am (was) keen to give it a go anyway…

still stuck at the last step, both signature and builtin miss are huge questions here…

any help plz pm me, thx

logged in… the greatest and most mindbending thing I’ve seen so far.

how to decrypt c****.*** ??

edit : rooted :smiley:

any help? I stuck

@th3d00msl4y3r said:

any help? I stuck

pm :wink:

Got user…
Have learned so many new things. Shed some blood and tears =)

Huuuge thanks to @moxic @Leonishan @Tdzone

Can anyone help me with the login bypass? I know what’s happening behind, but my payloads are not working.

Spoiler Removed

Can someone give me pointers on what to read about with regards to the initial login? I can trigger an error and have read about the API, but I’m not sure how that can be exploited.

started root part: not really random…
edit: yeah, not at all…

edit: rooted, had to dive deep into python

Beautiful box! I’ve learned so many things here. Really satisfied that I could do at least eval() part without nudges =)

Thanks @no0ne & @Adamm, this was the most interesting journey so far!

Can anyone help the login? thx

That was superb. I learned so much from this box and while I have always known about a lot of the vulnerabilities I have never made the effort to test them out, until now.

If you need a pointer shoot me a PM

Got user, that was fun. PM for hints. Onto root

root! what a ride

Definitely need help advancing. I’m after login screen for about a week now :slight_smile:
Got all the .php files, enumerated sqlite, no idea how to proceed.
Will appreciate any help.
Thank you

Edit:
Thanks to @Pilot51 for the help with getting the foot down.
This part was crazy hard for me and not because of encryption.
I literally tried tens of different ways to get inside after I already had all the information collected
After you’re inside the encryption theme continues and gets more interesting
It took me a couple of weeks to get initial foothold (and I don’t mean the login screen)
and then the user and root part were much clearer

Thanks to the box creators @no0n3 and @Adamm it was real challenge and pleasure (though I have more gray hairs now :smile: )

I am also after the login screen, but did not enumerate sqlite yet. Any help is appreciated. Thanks!

Can Anyone share small nudge after login?