Craft

rooted.
whoa, what a ride. Nice box!

@Lycist

That might be escaping problem. Try easier way via w**

It’s very realistic machine ! <3
If you need nudge PM me

Why the ■■■■ do I have the message " **** failed, invalid key"… when I try to create my root token

im stuck on this very last step, please help me in private message ty

ok rooted, was easy as ■■■■, I dont know what is the interest of v***t if you can connect like that

Well this was interesting. The user had layers and layers, like Shrek… i mean onions. The root on the other hand was just… getting it. thanks @rotarydrone

Rooted!

Finally! Finished with this ■■■■ box… Though it was fun in hindsight.

Hi guys, trying to get my initial shell but keep on getting this error {“message”: “An unhandled exception occurred.”}, can someone help me?

edit: never mind made it work
user owned
root owned

Finally rooted.
User is very complex and layered.

The best hint I’ve found on the forum, for jail escaping, was “LEARN SQL” :smiley:
It sounds a bit harsh but it’s not.

Root is easy if you have experience with do****.
I don’t. But if you read the documentation from gogs you’ll figure it out.

Among the best machines I’ve done, it gets you in touch with several technologies, thanks @rotarydrone.

Can anyone help me with the payload? I dont get it to work for some reason.

I used gobuster but I can’t find any files or directories and none of the links work, I’m really still stuck on the index page. Can someone help me?

@rotarydrone awesome box, I really loved the process and the design, plus learned some more, which is always nice.
Hope to see another box of yours soon :slight_smile:

@sazouki said:
■■■■ i got ssh key from that use repo and it ask for passphrase when im trying to login ?

Same here. "Invalid format for [s**] key " a nudge would be helpful. Figure I’m close to user.

Ok, I got user now. I now understand why the errors…needed to look closely at the key I had.

Then I’m guessing I will focus on v**** to get root although I have no experience with d*****.

Yep. root.txt. Had to reset the box though before the final command worked to get me in.

Can someone please PM me about getting user. Cant understand how correctly interact with JSON and where to look to drop a shell…

Can someone PM me for a hint?

I am currently in Jail, found creds for DB and don’t know where to use it (they are not usable in G***). I changed the SQL statement in the file I found. to enumerate databases and tables, but no success so far.

Rooted.
Initial was tricky, but after that getting user.txt and root.txt took me about 30 minutes - probably because I spent way to much time reading all source code.
PM me for a hint.

PM for nuggets

@rholas i pm u

i get cred of user dinesh and i’m able to add brew to db
what’s next ?