Player

I’ve just started exploring , however I’m having timeouts with this box on vip server.
Rebooted - still doesn’t work.
Is it a bug or a feature? :)

Got some creds and now stuck at l*ll. Trying to escape but very few doors. Any hint would be appreciated.

Awesome box, just rooted. Thanks so much @MrR3boot, one of the harder boxes that I’ve done but super satisfying!

@bluealder Glad that you enjoyed it :)

Finally got root… Thank god! It was such a looong road…
But I loved this machine! Even though it was so frustrating most of the time, it also felt incredible every time you got to the next step. Loved that! Exploit for the web got me so excited, I’ve never seen such a cool vuln. Plus root was easy and fun.
Thanks big time to @vsamiamv for all of the tips!
And thanks to @MrR3boot for the machine!

Nice play @FatPotato

Awesome machine @MrR3boot. This was my first 40 points machine and I learned a lot. I thank @MrR3boot, @weelye, @Kucharskov for hints. User was a long way. Root was obvious and easy, though there are few other ways for root, but I know only one.

Pm me if you need hints!

Welcome @shadyR. Good work :)

Just AWESOME BOX @MrR3boot !!!
Most frustrating part for me was ‘bak’ file, after that it goes smoothly.
Thank you.

@s1mpl3 welcome :)

I am wondering if the jail is a rabbit hole? Any hints?

Hard and interesting box. Thanks @MrR3boot !
PM for hints.

My GAWWWD… user took me 2 days :(, I had the ssh login successfully using the user txxxgxn, but it was a restricted shell :(, but thanks to the “vuln”, got the user immediately. Now seems that the root isn’t far away.

EDIT:
DONE :)

Upload is getting me to bang my head against the wall. Think I know how it works on a basic level but beyond that I can’t seem to recognize this CVE people are talking about.

Edit: Past that, got user.txt, now stuck with a sha1/md5 hash I can’t seem to crack.

that was a great box
thank you @MrR3boot!

What are we supposed to do with the rshell on the high port? I tried a bunch of ways to escape it but nothing worked.

From jail as t*****n I was able to read user.txt but have no idea how to escape or where to find creds for s***d-dv. Could someone give some hints?

This starts to be frustrating =)
I’ve found:

  1. contents of /la****/ including php and js
  2. d** vhost and the app used there + link to github. lots of additional php files here which are not part of the repo, but anyways = access denied
  3. c*** vhost and not much here
  4. s****** vhost and the glitch with php + dir name

I’ve been hunting for the ‘bak’ for two days now… of course I haven’t busted every dir yet, but seems like this isn’t the way…

@v01t4ic said:

I’ve been hunting for the ‘bak’ for two days now… of course I haven’t busted every dir yet, but seems like this isn’t the way…

Have you ever used vim?

@Balon said:
Hard and interesting box. Thanks @MrR3boot !
PM for hints.

@angar said:
that was a great box
thank you @MrR3boot!

My pleasure @angar, @Balon :)