Obscurity

rooted, very straightforward box…

:slight_smile:

uid=0(root) gid=0(root) groups=0(root)

I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.

@idomino said:

I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.

I may have misset permissions at a particular point ;).

Type your comment> @clubby789 said:

@idomino said:

I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.

I may have misset permissions at a particular point ;).

lol I know what you mean. Not having that knowledge would have made it definitely harder :smiley:

Type your comment> @HumanFlyBzzzz said:

Yeah i’m stuck afraid to admit. Any hints on initial ? I haven’t found anything particularly juicy

same here, I only know whats on the main webpage and my gobuster scans aren’t working

Thx @s0clyst , looks interesting. I’m turning in for tonight, had one too many drinks. Don’t drink and hack kids lol

I am getting an empty response (no errors, just empty…) from the server when sending the payload to get a shell. Does anyone have a similar problem?

which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too much

Type your comment> @c00de said:

which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too much

stay simple, stay common… Once you choosed the wordlist, Burp, intruder and you will get it!

Type your comment> @phat said:

Type your comment> @c00de said:

which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too much

stay simple, stay common… Once you choosed the wordlist, Burp, intruder and you will get it!

i forgot to add the port to the url hahaha

any hints on how to restore key for user or bruteforce is the only way?

EDIT: Got user. On my way for root. Bruteforce seems to be the only way to restore a key

Rooted the box, but I’m not sure it was an expected way. Can you share how you got root with me, because it was way too easy

Hmm pretty much stuck on init foothold, found some corrupted files via source code auditing

Rooted.

Thanks @clubby789 for the box.

Nice box, I enjoyed getting user.

Type your comment> @B3LL4T0R said:

Type your comment> @HumanFlyBzzzz said:

Yeah i’m stuck afraid to admit. Any hints on initial ? I haven’t found anything particularly juicy

same here, I only know whats on the main webpage and my gobuster scans aren’t working

The first part is pure CTF. Focus on the message in the main page.

@zkvo said:
Hmm pretty much stuck on init foothold, found some corrupted files via source code auditing

Focus on a function you would like to exploit.

From there, develop your attack.

Trying it locally might be more helpful.

Hey guys, I used the common wordlist with ZAP, but still nothing. Any hints? Also, its suspicious that its looking for a document when any 404 arises…

Type your comment> @idomino said:

:slight_smile:

uid=0(root) gid=0(root) groups=0(root)

I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.

This has made me give in “One of the easiest around” … as I saunter back to my day job lol

Any hint for getting the directory? tried big wordlist on it :confused:
tried ffuf too

Rooted, nice box… I just needed to update my Python skills…

Rooted , here are my hints :

User : - read carefully the webpage. The next step should be obvious

  • enumerate a little to get user.txt

Root : -don’t overthink , it’s very simple , some basics Linux privesc…

You’ll need basics python understanding!

Good luck