Registry

I found the d***** auth, and downloaded the c********ate, but not really sure about where to go next.

Mixed feelings on this one. I think the box is intentionally set up to be confusing, a bit CTF-like. I rooted the box, reset the box and rooted it again to make sure.

Rooted last night. User isn’t really a hard thing to get if you read about the technology used. For root, I rooted it the lazy, dumb way (which I think is unintended) and can’t say much about it. Going to try the hard way.

Great box, even though I wouldn’t rate it as hard.

User: if you look hard enough you’ll notice you already have everything you need; don’t waste your CPU cycles and don’t hammer the poor box too much.

Root: enumerate and don’t try to think outside of the box, it won’t do you any good :slight_smile:

@Tohzzicklao said:

For root, I rooted it the lazy, dumb way (which I think is unintended) and can’t say much about it. Going to try the hard way.

Interesting, I didn’t notice an easier way than the (apparently) intended one - unless the way I rooted it was unintended and there’s something even easier.

Any guidance on how to proceed to root? I’m in on the box as the user b*** and also got in the /b***/b*** weba****. Can’t really seem to find a way to launch a revshell or anything though

I feel I’m so close to root, trying to exploit the rc command but find a way to either exec code or connect to my local rest-rc server hmmmmmmm

Spoiler Removed

@bluealder said:

I feel I’m so close to root, trying to exploit the rc command but find a way to either exec code or connect to my local rest-rc server hmmmmmmm

Depends on how “local” your r****c server is :slight_smile:

Got root, but I don’t think it was the intended way :confused:

Pushed at root for a while, found a few possible entry points, but eventually I gave up and used the unintended method. If anyone can give me a hint for the proper one, I’d be very interested!

Do not try to crack anything user-wise. Use grep and look forensics-wise at your d*r p, and when you overlay to something useful you will see the mess of the CTF-like setup he talks about.

Any hint on user, where should I look next? Got a file lat*** with hashes and got the _c***** name … don’t know how to proceed from there!

I got root in the right way, now I’m satisfied.
Thank you for the box @thek, nice one.

Got root both ways now, great box I liked it a lot!

@gall0ws @bluealder I’m so glad you liked it :wink:

Rooted, thanks @gall0ws for nudges. Fun box, difficult but doable. Good work @thek. Am curious if this can be exploited to get root shell or just read the flag? I did the latter. EDIT: nvm, I wasn’t looking closely enough.

User:
Enumeration leads you to a new sub. There’s more than meets the eye here; google it. Once you have it, make sure history isn’t doomed to repeat itself.

User2:
Basic enumeration and some elbow grease should give you what you need.

Root:
Look for what stands out in basic enum, read through the files and the commands you’re able to execute which maybe you shouldn’t. Google from there.

@east You’ll get the root shell if you don’t aim just at the flag.

Anyone, message me. How can I get a shell… I’m stuck in dirb…

Rooted. Thanks to the creator of the box, @thek.