Registry

I’m stuck to the very start. I got the c.t, I tried to get the c*****g, but obviously I don’t have the auth, neither the k.y. Any nudge for the initial foothold?

Type your comment> @FoX01 said:

Got user.
Thanks @Rolesa, @noob2sec and @masquerad3r.
Go to root.
PM for hints.

Glad I could help :slight_smile:

Got root flag with r****c but wasn’t able to execute code with that method

Type your comment> @sulcud said:

Got root flag with r****c but wasn’t able to execute code with that method

Just use same method and grab bigger.

When I do ‘locate root.txt’ there is no root.txt on the system?

Any nudge for the run to w**-***a?

Spoiler Removed

Rooted.
Really frustating machine, but it was a great teacher to me.

User 1: What a ride. Enumerate and don’t ignore anything. Scan smart not hard.

User 2: Quite simple to find if you enumerated, but not so simple to actually do it. You’ll take a step backwards =) You have to be fast and think outside the box. You can’t outrun it, but you can outsmart it. The more creative you get, the better.

Root: Tunneling and Enumeration. Luckly my first enumeration command had what I needed. Then the hardest part of this machine: Exploiting the thing. I had to do a million tests and troubleshoots before it worked, but it worked. I didn’t think I needed a root shell, so I didn’t try, but I think it’s possible.

Rooted.

Fun box!!

Very easy for User but what a day for root.
PM me if you’re stuck, you’ll need patience for root.

Got rootflag, finally! One of my favourite boxes so far, awesome learning experience.

Feel free to PM me if you need any tips!

@bumika said:

Since I knew the result of the earlier “reverse” nmap scan, I realized that I needed to apply “Server” method locally. The only problem was scarcity of a proper server. At that time I found an important word (p******e) in a message on this topic (thank mate), and hit my head gently. The solution is very simple.

I needed reading some pages from a tutorial of the application and readme of the server and constructed the finish which contained 5-10 elementary steps. It was a joy to see that my commands ran without any error.

Did you use r***-*****r or r****e?
I tried the first one, but with no luck!>

Type your comment> @BadRain said:

Since I knew the result of the earlier “reverse” nmap scan, I realized that I needed to apply “Server” method locally. The only problem was scarcity of a proper server. At that time I found an important word (p******e) in a message on this topic (thank mate), and hit my head gently. The solution is very simple.

I needed reading some pages from a tutorial of the application and readme of the server and constructed the finish which contained 5-10 elementary steps. It was a joy to see that my commands ran without any error.

Did you use r***-*****r or r****e?
I tried the first one, but with no luck!

[Edited]: I chose the first option.

Stuck with the creds on the API, any nudges?

i believe both uname and pw is the top 1 on the wordlist…

@0byte, silly me, got it thanks!

Don’t really do the forums, but finally rooted this and would like to say thanks to @thek

Really enjoyable, and the user part was a great example of how you can gain a practical understanding of some theory. Root was frustrating but RTFM able, Really enjoyed it.

Argh, have hard time cracking the s** key for b***, please someone PM for some nudges.

EDIT: Nvmd, got it, thanks to @Rolesa, missed an important enumeration.

edit: probably spoiler

the machine behaves differently compared with this morning, after issuing a reset it should be in the exact same state, but it is not

edit: probably spoiler

about 1,5h after reseting the machine, the machine allows me to execute the uploaded reverse shell… looks like I missed part of the URL (shell.php?numeric)