Craft

Rooted. Thanks for the great box.
But you're here for the hints, aren't you? :wink:

### Foothold:

  • Git remembers every mistake you make. Even if you think you have fixed it, git remembers…
  • RTFM about the local API. Read the source code and comments.

### User:

  • Insecure methods and user input … again
  • You will be contained with several objects. Try to understand what methods you can use, and read the source again to understand what may be useful.
  • Enumerate and you will get the key

### Root:

  • Right under your nose

PM for hints, hope not too spoiled

Nice Box

Rooted

root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

Cool box and real life example.
Although I had lots of problems with the correct syntax for the reverse shell, thanks @sn4k3r1tu4l for the nudge on the syntax.

After the reverse shell, user and root were easy.

Finally got root!!! It took me so looong to get user!
I’ve enumerated everything (many times)… At the end, I knew the whole environment like my pockets. Because of that, once I got user, it took me about 5 minutes to get root.

There’s everything you need on this board to get both (without any previous knowledge). Have fun :wink:

Rooted! Arguably the best machine I’ve done on HTB so far.

Really struggled with the payload. I’d love to hear from others what payload they used. I wonder if my way was the only one.

Hints:

  • The forum thread is very informative for HTB standard. Spoilerish sometimes. I knew what to do to move from foothold to user even before having foothold.

Foothold:

  • Enumerate. A lot. Look under every stone, but not in a CTFy way. Just look at what the public systems offer and follow the crumbs
  • When you find a vuln you’ll struggle with a payload (I know I did). Don’t fret, just take it slowly. Try simple things first, build up on them. Make sure your payload does what you think it does, test locally.

User:

  • Use what you already know to gain more information. You’ll even have almost-ready scripts for that
  • Enumerate even more with your new info
  • Remember: these guys (the dev team from the box) suck at security. Use their mistakes

Root:

  • It’s really easy, compared to the user
  • Find the tool, RTFM, root dance
  • BUT copying a command from a tutorial won’t do. Make sure you know the keys before you try to stick them into the hole

If you still have problems, PM me, I’ll try to help.

Rooted - really fun box. Plenty of hints here already, but if you get stuck you’re welcome to PM me.

Rooted.
Fun box!

User is harder for me than root as usual.

User is not easy and if you get frustrated then PM me for hints.
Root is very easy

Having some issues with the payload. I tried testing it locally and that works, but even trying just a simple print statement via the post request gives me the error: an unhandled exception occurred. I’ve tried every single escape char I can think of but I still get that error. I’m using a modified python script taken from their repo in order to exploit. Any hints would be appreciated.

My hints for user.

1º There’s one evil function that can be abused.

2º If your reverse shell dies fast, try with a different one. No need to complicate things.

@birb said:

Having some issues with the payload. I tried testing it locally and that works, but even trying just a simple print statement via the post request gives me the error: an unhandled exception occurred. I’ve tried every single escape char I can think of but I still get that error. I’m using a modified python script taken from their repo in order to exploit. Any hints would be appreciated.

You are getting an exception since you are doing something the application didn’t expect.

That doesn’t mean however your payload hasn’t been executed. If you are with a payload already, try to create a reverse shell. That’s the best way to see if your approach is working or not.

Rooted!

Really cool box. Lot of fun related to Linux common tools. Very realistic.
There are a lot of hints in this thread.

Thank you @rotarydrone for making this box.
If you need more help, PM me.

=)~

Pwned! My first active box!
Thanks @Heilla and @melqhart for helping me out.

I am stuck on rev. sh.
I found RCE and tried every possible rev but it keeps saying “An unhandled exception occurred.” A little nudge?

I don’t know if I did this the wrong way but I never got a low priv shell, the shell I got was root right away. Is this what is meant to happen? Please pm me so we can discuss what I did without spoiling any info here. Thanks

Interesting box, the part with reverse shell was more painful than getting everything afterwards only because my kali machine acted strange for some reason

Can anyone help me with etc/hosts part?
I’m a bit stuck

@n3k0m4 said:

Can anyone help me with etc/hosts part?
I’m a bit stuck

It’s fine, I got through it!

@Tatsuya said:

Interesting box, the part with reverse shell was more painful than getting everything afterwards only because my kali machine acted strange for some reason

I think everyone’s acted strange

That was a great box.

root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

Been struggling quite a lot to get the payload syntax for the initial shell, would love to get some explanations about it and some help getting it fixed.
Edit: nvm, got it

I don’t know how to get out of the jail, please help me…

Edit: got user!