Player

@s1mpl3 welcome :slight_smile:

I am wondering if the jail is a rabbit hole? Any hints?

Hard and interesting box. Thanks @MrR3boot !
PM for hints.

My GAWWWD… user took me 2 days :( I had logged in over SSH successfully as the user txxxgxn, but it was a restricted shell :( But thanks to the “vuln”, I got user immediately. Now it seems that root isn’t far away.

EDIT:
DONE :slight_smile:

Upload is getting me to bang my head against the wall. Think I know how it works on a basic level but beyond that I can’t seem to recognize this CVE people are talking about.

Edit: Past that, got user.txt, now stuck with a sha1/md5 hash I can’t seem to crack.

that was a great box
thank you @MrR3boot!

What are we supposed to do with the rshell on the high port? I tried a bunch of ways to escape it but nothing worked.

From jail as t*****n I was able to read user.txt but have no idea how to escape or where to find creds for s***d-dv. Could someone give some hints?

This starts to be frustrating =)
i’ve found:

  1. contents of /la****/ including php and js
  2. d** vhost and the app used there + link to github. lots of additional php files here which are not part of the repo, but anyways = access denied
  3. c*** vhost and not much here
  4. s****** vhost and the glitch with php + dir name

i’ve been hunting for the ‘bak’ for two days now… of course i haven’t busted every dir yet, but seems like this isn’t the way…

@v01t4ic said:

i’ve been hunting for the ‘bak’ for two days now… of course i haven’t busted every dir yet, but seems like this isn’t the way…

Have you ever used vim?

@Balon said:
Hard and interesting box. Thanks @MrR3boot !
PM for hints.

@angar said:
that was a great box
thank you @MrR3boot!

My pleasure @angar, @Balon :slight_smile:

@discoD said:

@v01t4ic said:

i’ve been hunting for the ‘bak’ for two days now… of course i haven’t busted every dir yet, but seems like this isn’t the way…

Have you ever used vim?

found it, thanks!

edit: …magic, indeed!

Hi, I have everything, but not sure where to proceed further. If someone could give a little nudge? Thanks

anyone care to give me a nudge?
Am still in the user stage. Have however been able to log into jail.
Then exploited it which gives me ability to read files…
found some interesting things but it’s not showing me full content of the files.
not sure what I am looking for at this stage.

Should I be using actual media files to test the upload page? Sending random text files with video file extensions doesn’t seem to lead anywhere…

Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment… If someone’s got time, please, PM me, I need a little push to the solution.

Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.

@bu77er0verfl0w said:
Should I be using actual media files to test the upload page? Sending random text files with video file extensions doesn’t seem to lead anywhere…

Think about tools which are used to handle this type of data. And look at what you obtain using the tool. Google will lead to some vulnerability to go further.

Any nudge?

Finally rooted! Thanks for this interesting box @MrR3boot!

Hints.
User: come back to the bug
Root: watch what is going on

Can anyone give me a nudge on escaping the jail?

Edit: got it.
This box is totally crazy :slight_smile: