Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.
Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.
Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.
This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.
Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.
Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.
Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.
hey , i manage to have RCE and i made a python script to do it , also found some creds which i only can use them to F** but i cant do nothing there. Can anyone send me a pm with a hint ?? thanks
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.
I hope this is not spoiler lol.
Not a spoiler. But I’ve already found what you’re referring too and can’t latch on.
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.
I hope this is not spoiler lol.
Are you referring to the public vuln? Because I haven’t been able to make it work.
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.
I hope this is not spoiler lol.
Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.
I hope this is not spoiler lol.
Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting
Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD
@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?
The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.
I hope this is not spoiler lol.
Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting
Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD
God damnit. That’s what I get for running my wordlist through a proxy.
Thanks for the hint, not user yet but I guess I’m pretty close !
Rooted. This box is underrated IMO. Can see that a lot of thought went into putting it together and it’s creative. thanks @ompamo
Hints for user: after the initial entry point, you’ll be enumerating a lot. By enumerating I mean searching for stuff using methods you probably already know. there are quite a few rabbit holes you can go down and I probably went down them all. this is more of a test of your process and methodology than anything else. And don’t bother with the slow thing, made my VM unusable. fortunately you don’t need it for anything. in fact a proper shell is not required for anything on this box.
Hints for root: here google will help you out. much more direct than getting user. but google alone won’t get the job done.
man this box make me nervous , i stuck on the root for almost 2 days ,i can’t find a way to escalate from ib*01 , and there is no way to get a real shell , is that r.c on **ap file the way or it’s a rabbit hole ??