Craft

PM for nuggets

@rholas i pm u

i get cred of user dinesh and iā€™m able to add brew to db
whatā€™s next ?

any help for error at loading key invalid format ??

Rooted. Really enjoyable machine that had me stuck in a few places. PM me for nudges :slight_smile:

Type your comment> @voidhofer said:

I am stuck at the jail. Already got the credentials, all three of them, but I have no idea where to use them. Already tried SSH and looking through their gogs repos, but nothing worked. Can Someone please give me a hint?

I thought you were really in the can cuz your avatar almost looks lke a mugshot :wink:

Can anyone plz tell me why i cant seem to access the api or gog pages? They are returning as Server not foundā€¦ Ive edit my /etc/host/ file to reflect both name resolves but still nada, im at a bit of a loss. Can anyone help me on this?

Can anyone plz tell me why i cant seem to access the api or gog pages? They are returning as Server not foundā€¦ Ive edit my /etc/host/ file to reflect both name resolves but still nada, im at a bit of a loss. Can anyone help me on this?

I had to restart my browser after adding updating my hosts file.

Type your comment> @toroflux said:

Can anyone plz tell me why i cant seem to access the api or gog pages? They are returning as Server not foundā€¦ Ive edit my /etc/host/ file to reflect both name resolves but still nada, im at a bit of a loss. Can anyone help me on this?

I had to restart my browser after adding updating my hosts file.

thanks chief didnt even think to do that, thanks for the reminder :slight_smile:

Finally rooted!

This has been my favorite box so far. Love the Silicon Valley theme.

Pretty much all the hints have been given. This box is really about enumeration more than anything else and has a very logical progression. Everything you need is on Gogs. Follow the breadcrumbs, RTFM, and you should have root in no time.

This is not a hard box per se, just a lot of information and clues to gather- you just need to read EVERYTHING carefully.

Spoiler Removed

Ok. I am going crazy here and might be missing something obvious.

I am running a** on b****** and see the c****-d* target. I originally thought I should tunnel from b****** to m****, but I donā€™t think that port is exposed.

So I managed to run S** via f**** sh***. I need a nudge now that Iā€™m using p***** to look at m****

I guess my one question is. Should I have setup a tunnel through b****** or is that not necessary?

edit: nevermind. As soon as I posted this I found some extra credential. Rubber ducky method I guess :slight_smile:

I found d****h user and Iā€™m able to log in to brew. I can add the auth token header to POST data to brew db but I have no clue what to do next, how to generate RCE.

@halisha said:
I found d****h user and Iā€™m able to log in to brew. I can add the auth token header to POST data to brew db but I have no clue what to do next, how to generate RCE.

Make sure you look through EVERYTHING. No fancy shell script required, just eyeballs.

You can get to it from the very first page you visit.

is the https laggy by default or something wrong with the box? it doesnt even load

Type your comment> @Salts said:

@halisha said:
I found d****h user and Iā€™m able to log in to brew. I can add the auth token header to POST data to brew db but I have no clue what to do next, how to generate RCE.

Make sure you look through EVERYTHING. No fancy shell script required, just eyeballs.

You can get to it from the very first page you visit.

Thanks. I have escalated, Iā€™m stuck at sending payload, managed to get ping but no way to get shell.

Can someone pm me and give me some guidance on getting shell? I tried a lot of stuff and I kinda understood how it works and what I should done but Im stuck due to linux knowledge.

Rooted! By far the best box Iā€™ve had the pleasure of doing.

It took me grueling hours to get user. (Part of it was I never encountered b****** before!!) It took less than 30 minutes after that to get root however!

I managed to almost ā€˜escapeā€™ the jail, found the Socks Socks Helen keys but at the prompt it still asks me for a password.

I dumped all the database, found creds for other 2 users than d****h but only 1 of the credentials worked.

Also found out the Se***t.

I feel like Iā€™m missing something.

Edit: I was not calling SSH properly, was first time I was logging in with private/public key linux.

Edit2: Got user and root. Feel free to pm me for help. I reply faster on telegram.

Would someone be able to point me to some good reading resources / provide a hint?
Got some credentials, am able to generate a token, know of a specific function that can be abusedā€¦ but howā€¦

*update - thanks for the people giving a nudge. finally cracked this boxā€¦ definitely related to what kind of command you are using to get rce and the formatting of itā€¦

Hi, newbie here. Currently stuck at the s** part. Was able to obtain info on all the alcoholic beverages listed in the db, but canā€™t seem to do so for the dbā€™s first few entries. Is s**'s UNI** involved by any chance? Any advice would be most welcome. ><

Edit: nvm, found what i was looking for. Had been using the same fet** func when I was looking at the tab**s.

Edit: rooted. 'twas fun :3