Finally rooted. That was a nice experience and definitely one more thing to take into account during enumeration. Thanks @mrR3boot
For those who are still struggling with the initial foothold:
User:
Don’t even try to brute by dictionary. There is absolutely no chance to do that.
Don’t trust your eyes - trust responses.
Don’t forget that some special chars have even more special meaning.
Root:
For some reason I didn’t manage to spawn a local shell, but managed to spawn a reverse one. Once again, don’t trust your eyes.
For those who still cannot get hints about fruit: try to play with letters.
Raise your hand if you’re tired of people thinking “cOnSiDeR tHe BoX nAmE” is a hint when there are roughly four million different kinds of software named after fruit…and apparently we are supposed to guess one…
There are different vowels in the alphabet…I understand your anger, the path to initial foothold is extremely annoying and requires a bit of dev-style thinking.
This was a really fun box and a great learning experience. Kudos to @MrR3boot.
Obligatory hints.
User: very thorough enumeration is the key, knowing a bit of CS theory (and applying it in terms of code) really helps cut down the time needed.
Root: I said “very thorough enumeration” for a reason.
Raise your hand if you spent far too long writing something in Python, just for it to continue to let you down…
Please keep in mind all this is based on me assuming you wrote the same thing I did and you first screwed up the same thing I did. You might want to add a single ^ to the right position and/or check what you exclude. Tiny tiny changes make huge differences.
@Ruri you’re going the wrong way. It’s not a hint that the thing is named after a fruit. It’s named /almost/ after the box. Consider it a… typo?
Thanks @MrR3boot, learned a couple of things. The route to user was quite fun (and thankfully it was not as much trouble as Player).
I quickly found my way to the “under construction” page, but got stuck there for some time. For anyone else in a similar position, my hint is that the vulnerability used to get there is correct but it needs an uplift. Perhaps taking a look at PayloadsAllTheThings would help (if you got to the under construction page you will know where to look in the repo).
Hey everyone! I am having a hard time trying to move forward. I am stuck on the mango search engine and the a*****.**p. Some help please! I am new at this! Thanks.
It’s been 3 weeks since I got into this wonderful world of pentesting. I’ve done a few machines here but this has been one of the most enjoyable ones for me so far. So great job on this box @mrR3boot!
I really struggled with a Python script, everything seemed perfectly fine, but I got a different answer than I expected every time. It helped to pass an extra argument to a method somewhere (silly me).
I didn’t get a root shell but was able to get the root flag anyway. I assume it’s through the same escalation method though.
Hints: @olsv gave really good hints for the initial foothold.
root: it helps if you can code in a certain language.