Scavenger

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

@delo said:

This is one old-school style HTB box! Reminded me of some of the classic early nix boxes that were released, such as popcorn, beep and cronos, for some reason. It would be a good practice box for those preparing for the OSCP exam as well. Great job @ompamo - I can tell a fair bit of effort went into creating this one. Cheers and I hope you make more.

@mech said:

Wow, finally rooted after three days of intense work and learning. Hardest box I’ve ever done, had to pull on bits of knowledge from just about every box I’ve done so far.

Incredibly cool box and had a ton of fun doing it. @ompamo you did an absolutely fantastic job. Look forward to your future boxes.

Also gotta say thanks to @Jacker31 for the hints and emotional support ■■■■.

Thanks, appreciate your comments!

Type your comment> @farbs said:

Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

Enunerate with bigger dicts…

hey , i manage to have RCE and i made a python script to do it , also found some creds which i only can use them to F** but i cant do nothing there. Can anyone send me a pm with a hint ?? thanks

any nudge on getting root??

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.

I hope this is not spoiler lol.

Not a spoiler. But I’ve already found what you’re referring too and can’t latch on.

@farbs said:
Not a spoiler. But I’ve already found what you’re referring too and can’t latch on.

If you found it, find the right parameter to make it work.

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are. It’s not the smartest of the insects.

I hope this is not spoiler lol.

Are you referring to the public vuln? Because I haven’t been able to make it work.

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Finally rooted !

Really challenging box, thanks to the author for creating this box and to @Seepckoa (merci mec !) and @julianjm for the help :).

I’d be happy to help if needed, don’t hesitate to DM

Type your comment> @Greenou said:

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

Type your comment> @Tohzzicklao said:

Type your comment> @Greenou said:

Type your comment> @Tohzzicklao said:

@farbs said:
Staring this stupid insect in the eyes right now… I’m in, but need some clarity. Any nudges?

The stupid insect’s eyes hide a valued secret at plain sight (you could think it’s from someone else). And it’s willing to share it with you without knowing who you are.

I hope this is not spoiler lol.

Stucked here too atm, I am in the guts of the insect but because its a ‘young’ insect, found no public weaknesses.
Appart from a few internal paths, did not find anything interesting :frowning:

Maybe you’ll need to try bigger dicts to find it. No need to get into the guts of the insect. And read carefully my words between brackets xD

God damnit. That’s what I get for running my wordlist through a proxy.
Thanks for the hint, not user yet but I guess I’m pretty close !

Rooted. This box is underrated IMO. Can see that a lot of thought went into putting it together and it’s creative. thanks @ompamo

Hints for user: after the initial entry point, you’ll be enumerating a lot. By enumerating I mean searching for stuff using methods you probably already know. there are quite a few rabbit holes you can go down and I probably went down them all. this is more of a test of your process and methodology than anything else. And don’t bother with the slow thing, made my VM unusable. fortunately you don’t need it for anything. in fact a proper shell is not required for anything on this box.

Hints for root: here google will help you out. much more direct than getting user. but google alone won’t get the job done.

PM for hints.

Got root after a long time, I missed a small thing but I finally did it. PM for hints if you are stuck!

Finally got user. Big thanks to @ciscopass.

Now on my way to root. Hints are appreciated.

Stuck on user, exploited the w***s and have some infos, enumerated and found some rabbit holes. not sure what to do next, need help!

stuck on the last stage of root - i can’t quite get the formatting of the string right, any pointers?

EDIT: rooted, cheers to @Tohzzicklao and @beorn for the nudge

feel free to PM me for hints

man this box make me nervous , i stuck on the root for almost 2 days ,i can’t find a way to escalate from ib*01 , and there is no way to get a real shell , is that r.c on **ap file the way or it’s a rabbit hole ??

Type your comment> @wail99 said:

man this box make me nervous , i stuck on the root for almost 2 days ,i can’t find a way to escalate from ib*01 , and there is no way to get a real shell , is that r.c on **ap file the way or it’s a rabbit hole ??

the **ap part is not a rabbit hole as it got me the user flag (and you don’t need the slow thing)

Type your comment> @Greenou said:
i got the user.txt , but still stuck on the root part , i can’t get a real shell even with the user ib*01 , any idea??