Player

From jail as t*****n i was able to read user.txt but have no idea how to escape or where find creds for s***d-dv . Could someone give some hints?

This starts to be frustrating =)
i’ve found:

  1. contents of /la****/ including php and js
  2. d** vhost and the app used there + link to github. lots of additional php files here which are not part of the repo, but anyways = access denied
  3. c*** vhost and not much here
  4. s****** vhost and the glitch with php + dir name

i’ve been hunting for the ‘bak’ for two days now… of course i haven’t busted every dir yet, but seems like this isn’t the way…

@v01t4ic said:

i’ve been hunting for the ‘bak’ for two days now… of course i haven’t busted every dir yet, but seems like this isn’t the way…

Have you ever used vim?

@Balon said:
Hard and interesting box. Thanks @MrR3boot !
PM for hints.

@angar said:
that was a great box
thank you @MrR3boot!

My pleasure @angar, @Balon :slight_smile:

Type your comment> @discoD said:

@v01t4ic said:

i’ve been hunting for the ‘bak’ for two days now… of course i haven’t busted every dir yet, but seems like this isn’t the way…

Have you ever used vim?

found it, thanks!

edit: …magic, indeed!

Hi, I have everything, but not sure where to proceed further. If someone could give a little nudge? Thanks

anyone care to give me a nudge?
Am still in the user stage. Have however been able to log into jail.
Then exploited it which gives me ability to read files…
found some interesting things but it’s not showing me full content of the files.
not sure what I am looking for at this stage.

Should I be using actual media files to test the upload page? Sending random text files with video file extensions doesn’t seem to lead anywhere…

Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment… If someone’s got time, please, PM me, I need a little push to the solution.

Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.

@bu77er0verfl0w said:
Should I be using actual media files to test the upload page? Sending random text files with video file extensions doesn’t seem to lead anywhere…

Think about tools which are used to handle this type of data. And look at what you obtain using the tool. Google will lead to some vulnerability to go further.

Any nudge?

Finally rooted! Thanks for this interesting box @MrR3boot!

Hints.
User: come back to the bug
Root: watch what is going on

Can anyone give me a nudge on a jail escaping?

Edit: got it.
This box is totally crazy :slight_smile:

@Shtrikh17 said:
Cool machine so far. Long, very long way to user. But like many others deadly stuck at restricted environment… If someone’s got time, please, PM me, I need a little push to the solution.

Update: Rooted. Thanks @v01t4ic for help and @MrR3boot for an amazing box! Really worth spending time on.

@v01t4ic said:
Finally rooted! Thanks this interesting box @MrR3boot!

Hints.
User: come back to the bug
Root: watch what is going on

Glad you guys enjoyed the Game.

Hey can anyone give me a nudge on how to find the ‘bak’ file? I’ve found all the vhosts but for the life of me I am getting nowhere in finding this file.

Spoiler Removed

Rooted!

This was my first really HARD box, and I enjoyed every minute of it even it came with frustration and banging my head against the wall.

This is a great box for testing your accumulated knowledge from the easier boxes, I highly recommend it.

If you need any help PM me and I will try to guide you without spoiling the fun of it.

Thank you for you work @MrR3boot .

@trollzorftw said:
Rooted!

This was my first really HARD box, and I enjoyed every minute of it even it came with frustration and banging my head against the wall.

This is a great box for testing your accumulated knowledge from the easier boxes, I highly recommend it.

If you need any help PM me and I will try to guide you without spoiling the fun of it.

Thank you for you work @MrR3boot .

Most welcome mate :slight_smile:

# id
uid=0(root) gid=0(root) groups=0(root)

Finally got it!
The best machine i ever completed hands down.

If anyone needs any help on this, call me on my Discord (Celesian#0558)

So I think I know the exploit to use but it requires creds… can someone chuck any hints to where these might be or let me know if I am on the wrong track?