Ghoul

Anyone around to help with root on g**? Running an RCE but stuck as to next move, please help?

Anyone available to help with RCE on G***? I can’t seem to get the privesc to work. The script I am using runs fine with no errors, but it has limited documentation and I’m not quite sure what I need to look out for!

EDIT: I have rooted G+++ and found some interesting bits in the .7z file, but I’m unsure where to go from here. Any pointers?

You’ve done well to come upto here human. But what you seek doesn’t lie here. The journey isn’t over yet…

Is this box trolling me or what? Where the ■■■■ is this ■■■■■■ root flag?!

someone save me please…

It’s Over! Rooted!

Thank you @xcoder and @v1p3r0u5

Finally rooted.
A very long journey for this one.
Thank you @xcoder and @Dreadless

Any hint on the gogs password? I tried everything I found but no success

Edit: nvm, root. Hated it a bit (waiting for the last part for several rounds to get command right: hated it a lot). But learned a lot about SSH.

Just Rooted Ghoul, nice Machine.
Anyone need a hint?

Can anyone give me a nudge? I’m stuck at the last container. I can access the high port service but can’t find anything.

Spoiler Removed

@NikolaITA said:

Spoiler Removed

Sorry for the spoiler…
Finally found the way to root.txt (after all it was not the hardest step of the many :-))

With pain and blood, I’ve just got USER!! This box is really really interesting!
Move on to root now :dizzy:

User got, with plenty of pointers for root. Looking at this thread, seems I’m in for a tough time.
E: Kind of stuck now. Pivoted to k****i_pub, found a service on .0.2 that I don’t seem to be able to get into.

I’ve confirmed that I have RCE on g***, but none of my shells are calling back. I can get a connection to my box, but no shell.

Edit: Finally rooted. Definitely the hardest box I’ve done so far. Don’t think I’ve collected so many creds/keys in a while

EDIT: Nvm I’m just an idiot.

Amazing box.

I wasn’t frustrated that much because of all the information this forum already had.
There were a couple of moments that I thought were too far-fetched, but overall I think it can happen in most real-life scenarios when people reuse their passwords and keys to do all kinds of different things.

Thanks @MinatoTW and @egre55 for creating this beast.

PM/DM for hints

w

Stuck on getting a shell from upload… I’m pretty sure I know the exploit I need to use (****slip), but I’m having trouble creating the payload correctly. Can someone PM me?

Hi. I’m not sure I’m doing this right, or if the box is not in the correct state (even after I reverted it.)

Using the same upload method that I used to get user, I was also able to get root. That looks so easy that I’m pretty sure something is wrong.

Also, there doesn’t seem to be a root.txt on this box. Am I doing this wrong?

I got “root@Aogiri:~#” and I did not find the root.txt.
Do I have to get root on kaneki_***?
Can anyone give me a hint pls?

I’m stuck after rooting gs and I get a*ri.**p.7z. Could anyone give me a nudge please?