Networked

wow, box is crawling at turtle speed, takes me at least 5 minutes just to change directories…wth

Do we need to alter the code of C****_a*****.P**? I don’t know PHP, but I think I understand what it’s doing; I just don’t understand what it has to do with getting the user flag. What am I missing??

You know it really fucking sucks coming into this room for a hint and seeing 40,000 comments all saying “iT’s So SiMpLe AnD sTrAiGhTfOrWaRd”. Why do people come in here just to be pricks?

Some of us can’t read PHP very well and get sick of looking up every single function, so it isn’t “simple and straightforward” for us.

Can someone DM for root assist? Certain I’m in the right place w/ vector but not sure why I’m getting iface errors.

Edit: nvm rooted

Can I get a nudge for user flag? I have a shell, and see the c********.*** file - don’t know what to do from here (I’ve tried too many things to mention here).

Ok when I run c****_****.p I see interesting actions that exist in the /v…/…/…/up… folder, but the names are something that is not touchable, and I am thinking I need to add my own. I HAVE NO IDEA how to go about this! Any assistance would be fabs!
Thanks All!

EDIT: USER Completed: For those having issues, TOUCH

Can someone give me a nudge on the privesc to user? Based on what has been said in the forum already, I’ve been looking at c****_a*****.p** and can see the frequency with which it runs, I can’t seem to modify the file however, and am not sure how to proceed.

For those stuck on a PHP script, I would like to add that you don’t need to be able to read/know PHP in order to spot the vulnerability, as the actual flaw in the script is not PHP-specific.

Do some targeted thinking: I want to smuggle some command in, where could I possibly do that?

Finally rooted. Turns out I wasn’t using sudo with the correct script xD;
Some takeaways:
- Do use sudo
- Use absolute path
- You don’t need another reverse shell
- Try replicating the $y=$x scenario in your shell.

PM for help.

Big thanks to @cyberpathogen and @3DxHex

is there a level after root that I’m missing, or is the root.txt flag missing?

edit: flag is there today, guessing it was a temporary issue. this one was a lot of fun, thanks!

Please don’t run any PHP script using a***he user; by doing this you are ruining/spoiling the server. I have spent one hour trying something and got the same wrong result because of this.

I can’t get my shell to last more than a minute at a time, near impossible to do anything…very frustrating

For all that are thinking they need to actually edit the PHP script within the interesting application for USER. Stop trying to change the PHP code, you don’t have permissions to do it anyways. TOUCHING is the way to go, just remember there is a certain way that we have to TOUCH ‘things to have them work the way we want them to’

HINT for USER : Look at the directory that the interesting application pulls from and then follow my last post! :slight_smile: If this is a spoiler, please remove it!
Thanks

Hints for both user and root:
https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt

This is a fun box; and the exploits all seemed to be a similar theme which I enjoyed. Especially coming from a mostly Windows background.

when you spent like 20 mins on reading networking scripts to find out how the argument parsing is done… and then wtffff moment :slight_smile:
thanks to ippsec, now I can finally say - easy stuff, rooted :slight_smile: thanks for teaching me, master :slight_smile:

Stuck on c****_a*****.p**, any nudge would be appreciated :smile:

Rooted! Thanks @guly for an outstanding learning experience.

Hint for USER: You don’t need to edit the special _.*** you just need to look over the source and see where it’s pulling from. Once you get that you can ‘touch’ your way to USER.

Hint for ROOT: Do your best to not overcomplicate as I did. You don’t necessarily need to understand the source of the special . but just analyze the feedback and base your next moves off that feedback! Kentucky Windage

Feel free to DM me for hints. I had a blast on this box and learned a TON.

Hello everyone!
For the moment I entered with a user shell thanks to the help of some users and for comments in the forum! I will try to go ahead following your suggestions! Thank you all!
Great project!