Registry

The machine has been updated, and they have patched things.

WoW, really cool box, thanks @thek
Just because I almost shouted at the screen when I got root, I will try to give some meaningful advice:

user: just do normal enumeration until you find the API of a very popular tool used in devops, enumerate that new service, make a local copy and then enumerate again once you are inside. From there you should get an ssh account to the box that will give you user.

root: the fun begins here mate. I will only talk about the hard privesc since it’s the only one left at the moment. Enumerate EVERYTHING as if it was the first time on the box; you might get too focused on 1 file as I did, but you will find out that you cannot exploit it directly, so ENUMERATE MORE until you find some creds, then exploit the service that the creds are for. Finally you will have a shell for a user that will be able to exploit the last thing to get root (the 1 file I was talking to you about), so set up your local thing and get your ■■■■■■■■ fucking root.txt

Let’s go mates, have fun.

Fantastic box. Root I thought was frustrating at first until I read things correctly. Did notice some changes over the past 24 hours that affected a few things, but got there all the same.

If you’re stuck, hit me up; will do my best, and back online in 8 hours’ time :smiley:

I was really enjoying this box until I got user and started moving towards root, and then I discovered all the little measures designed to just annoy me in my quest rather than serve any legitimate security purpose. User was interesting and informative, but root is turning out to be extremely annoying for really no reason at all.

Any help for root? I have shell.

Finally got there. Holy ■■■■, that privesc was so, so annoying. There are so many little “features” on this box that are just designed to be irritating.

PM for hints; not my favorite box.

Got root… Finally!!!

Funny box… Needed some clue from this board to get (back) on track; once figured out how to proceed, it’s just a matter of RTFM ;).

Well, this was interesting…

I found the creds to the second shell before anything else, so I thought I could hit root directly… but Computer says no. So I had to go back and do it the way it is designed to be… ■■■■ it :stuck_out_tongue:

Anyway, hints:
user: do your enum. There are obvious clues, then google and find a step by step article on what to do.
root: find the one thing that really matters from your enum, and just follow the steps to be able to do what you want to do.

Thank you @thek great learning experience && nice box :slight_smile:

Is the /bt/bt giving you guys a 502 Bad Gateway error? Or is it just me?

Can someone PM me to help me, please? Thanks.

I’m on the final point. Any hint on how to get rshell as user wd? Tried bind and reverse for a million types with no luck; managed to get command execution though.

I’m in the last step for root and trying many things to have my new shell, but each time I have a 504 error. Is the box broken or is it normal? …

Fortunately User.txt was quite easy to get. But now I’m stuck at root :frowning:

Can someone clear up one thing for me?
On my way to root I’m able to get a rev shell as that -d user.
However, the shell is buggy and lags in responses.
Am I doing something wrong or is the box just buggy?

Could use a nudge on the initial enumeration. I’ve found /b*** but can’t seem to find anything useful there…

Should I be using something other than directory-list-2.3-medium.txt?

@Lycist said:

Could use a nudge on the initial enumeration. I’ve found /b*** but can’t seem to find anything useful there…

Should I be using something other than directory-list-2.3-medium.txt?

Go through the nmap results again… This time very carefully :slight_smile:

Anyone else having constant term lock-up when ssh’d in a user?

@ow1joker
Same here and I’m on VIP server.
Also my other shell is acting up the same.
Not sure why. Trying to figure out.

Which user? I have no problems on free eu-1