Registry

Found some SSL certs, but still missing the ‘k*y’ to get ahead.

Rooted…

Very easy box!!
I don’t know why it has been ranked as hard

I don’t know if whether I got the root in the intended way.

I wouldn’t call it hard but easy far from it maybe medium but i had to learn a bit today to do this very happy lets say its not hard or easy . Im about to grab my user flag my friend and i worked together and he got his but i asked to suffer so i can learn and I’m pulling my way back into this race good job guys and to D8ll0 good job if its easy that’s awesome i cant wait to say that

ROOTED!
So its semi hard in the sense that if you miss 1 key thing in the beginning you are screwed with useless enumeration. Couple of hints below.

USER: Pay attention to what you skip on a daily bases. There is a script that can help you get what you find. Rest is straight forward.
ROOT: Pay attention to initial enumeration and investigate it.

Please do remove this if it gives away too much info. I am not sure who or how spoilers are removed and stuff.

Not sure got user in the intended method. but can say aint figured out root yet. has been a good excuse to relearn some stuff.

Any hint for user after enumerating the web services?

Quite stuck after using the d****r r**ry, check the rc script and try to crack the key, which I’m not able to, not sure if I have to enumerate more but I’ve double checked everything and I don’t have any other idea.
Any hint is welcome.

Nvm. Literally just now found a breakthrough… Might use this comment to ask later though lol

/* removed answer to an edited comment */

User is easy if you’re curious enough. Tip: if you’re not familiar with the technology involved here, look at the documentation.

Root: Honestly I don’t know.

I found the d***** auth, and downloaded the c********ate, but not really sure about where to go next.

mixed feelings on this one. I think the box is intentionally setup to be confusing, a bit CTF like. I rooted the box, reset the box and rooted it again to make sure.

Rooted last night. User isn’t really a hard thing to get if you read about the technology used. For root, I rooted it the lazy, dumb way (which I think it’s unintended) and can’t say much about it. Going to try the hard way.

Great box, even though I wouldn’t rate it as hard.

User: if you look hard enough you’ll notice you already have everything you need, don’t waste your CPU cycles and don’t hammer too much the poor box.

Root: enumerate and don’t try to think outside of the box, it won’t do you any good :slight_smile:

@Tohzzicklao said:

For root, I rooted it the lazy, dumb way (which I think it’s unintended) and can’t say much about it. Going to try the hard way.

Interesting, I didn’t notice an easier way than the (apparently) intended one - unless the way I rooted it was unintended and there’s something even easier.

Any guidance on how to proceed to root? I’m in on the box as the user b*** and also got in the /b***/b*** weba****. Can’t really seem to find a way to launch a revshell or anything though

I feel I’m so close to root, trying to exploit the rc command but find a way to either exec code or connect to my local rest-rc server hmmmmmmm

Spoiler Removed

@bluealder said:

I feel I’m so close to root, trying to exploit the rc command but find a way to either exec code or connect to my local rest-rc server hmmmmmmm

Depends on how “local” your r****c server is :slight_smile:

Got root, but I don’t think it was the intended way :confused:

Pushed at root for a while, found a few possible entry points, but eventually I gave up and used the unintended method. If anyone can give me a hint for the proper one, I’d be very interested!