Craft

Rooted! By far the best box I’ve had the pleasure of doing.

It took me grueling hours to get user. (Part of it was I never encountered b****** before!!) It took less than 30 minutes after that to get root however!

I managed to almost ‘escape’ the jail, found the Socks Socks Helen keys but at the prompt it still asks me for a password.

I dumped all the database, found creds for 2 users other than d****h but only 1 of the credentials worked.

Also found out the Se***t.

I feel like I’m missing something.

Edit: I was not calling SSH properly; it was my first time logging in with a private/public key on Linux.

Edit2: Got user and root. Feel free to PM me for help. I reply faster on Telegram.

Would someone be able to point me to some good reading resources / provide a hint?
Got some credentials, am able to generate a token, know of a specific function that can be abused… but how…

*update - thanks to the people giving a nudge. Finally cracked this box… definitely related to what kind of command you are using to get RCE and the formatting of it…

Hi, newbie here. Currently stuck at the s** part. Was able to obtain info on all the alcoholic beverages listed in the db, but can’t seem to do so for the db’s first few entries. Is s**'s UNI** involved by any chance? Any advice would be most welcome. ><

Edit: nvm, found what I was looking for. Had been using the same fet** func when I was looking at the tab**s.

Edit: rooted. 'twas fun :3

Hello,

I have managed to get a reverse shell and it seems that I am a root user. However, I am unable to locate any of the proof files. Could anyone nudge me in the right direction or help to provide documentation where I could read about this instance? Thank you.

Finally Rooted. Nice box! I learned a lot from this box.

Here’re my hints:

Init hole:

  1. Read the code carefully, especially some logs, and you’ll find the EVIL hole and the keys.
  2. Utilize the keys and you’ll jump into the jail. (If one payload fails, try harder, try other payloads)
  3. In jail, find the missing file, modify some other scripts to leak others’ keys.

User:

  1. Use the keys and login, read others’ secret codes and configurations. (IMPORTANT!!!)
  2. Open the door~~~

Root:

  1. Google the tool’s instruction. In less than 10 mins you’ll make the root dance.

I’d like to say, we may ALL make the same mistakes which the box has in our real life and I experienced the same one that my college made.

Can someone help me? I can’t figure out how you do it with only SSH. Is it a bruteforcing box?

root dance, thanks for the help regarding the v**** - couldn’t see the wood for the trees!

Currently in Jail. I’ve found some credentials in a settings file but can’t seem to get them to work anywhere. Using the test. file I can get some results but can’t seem to enumerate or find any other data in there?!

Any hints/tips/nods in the right direction would be much appreciated, kind of at a point where I’ve run out of things to try (That I know of!)

Rooted!

root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

Really appreciated this one!
Feel free to ask for hints

I have RCE and can ping, but cannot get shell. Can someone nudge me on what I am missing?

Finally rooted after a couple days of hammering away at it on and off. It took about 2 days to get the foothold but foothold->root took about 2 hours.

root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

Really learned a lot from this one, and definitely one of my favorites. Feel free to pm for hints.

Thanks to @zachosk for the nudge in getting foothold.

Nice machine! User had a few steps, and a nice learning curve. Root was more about reading, understanding how the “tool” works, and … we are in.
Thanks @rotarydrone for the excellent box.

Rooted!
Root part was like 5 minutes.
Hardest part to me was getting the reverse shell.
Very cool box!

Rooted. This was awesome! Many thanks @rotarydrone. I spent a lot of time on this box but I got there in the end without any help or hints which feels good.
Reverse shell was tricky but the process of getting it taught me a few cool things. Getting user after that was straightforward but didn’t work for me for some reason. Reset the box today and tried again and it worked. Root took about 3 minutes because I researched the “tool” I needed to use before I actually got user so I knew where to look. Suggestions of what to try next are most welcome

Thank you @halisha for assistance with initial shell. I need to remember to try everything and not only things I am used to. Now I got into the d***** and finding tons of useful info but nothing to actually get me user.

edit: apparently I was not pasting the pw correctly for passphrase to get user. That was easy. Now onto root.

Root was easy!

Rooted! Excellent box, a little frustrating at times but thanks to my mentor @FailWhale for keeping me from tossing my rig off the balcony, a great teacher for telling me just enough to push me in the right direction. My only advice is, don’t lose your ■■■■, or you may end up without a computer to finish with lol. Thanks to @rotarydrone for a box that taught me a lot.

Can someone please PM me? I am having problems with SSH keys.
Edit : Omfg, user was that stupid.
Edit : Rooted. Thank you all for the hints

Can someone please give me a nudge for the RCE payload? I can receive pings but shells won’t work (tried different languages, too)… I’m stuck here for days.

Update: Nevermind, got it working now. That was a tough one…

Rooted, Fun Box
PM for hints