Obscurity

@idomino said:

I enjoyed this very much, thank you @clubby789! But I think it’s misclassified, it’s one of the easiest ones currently available.

I may have misset permissions at a particular point ;).

@clubby789 said:

@idomino said:

I enjoyed this very much, thank you @clubby789! But I think it’s misclassified, it’s one of the easiest ones currently available.

I may have misset permissions at a particular point ;).

lol I know what you mean. Not having that knowledge would have made it definitely harder :smiley:

@HumanFlyBzzzz said:

Yeah, I’m stuck, afraid to admit. Any hints on initial? I haven’t found anything particularly juicy

Same here, I only know what’s on the main webpage and my gobuster scans aren’t working

Thx @s0clyst, looks interesting. I’m turning in for tonight, had one too many drinks. Don’t drink and hack, kids lol

I am getting an empty response (no errors, just empty…) from the server when sending the payload to get a shell. Does anyone have a similar problem?

Which wordlists are you guys using to get to the S****SS.py file??
or should we look for it without scanning too much

@c00de said:

Which wordlists are you guys using to get to the S****SS.py file??
or should we look for it without scanning too much

Stay simple, stay common… Once you have chosen the wordlist, Burp, Intruder and you will get it!

@phat said:

@c00de said:

Which wordlists are you guys using to get to the S****SS.py file??
or should we look for it without scanning too much

Stay simple, stay common… Once you have chosen the wordlist, Burp, Intruder and you will get it!

I forgot to add the port to the URL hahaha

Any hints on how to restore the key for user, or is bruteforce the only way?

EDIT: Got user. On my way for root. Bruteforce seems to be the only way to restore a key

Rooted the box, but I’m not sure it was an expected way. Can you share how you got root with me, because it was way too easy

Hmm pretty much stuck on init foothold, found some corrupted files via source code auditing

Rooted.

Thanks @clubby789 for the box.

Nice box, I enjoyed getting user.

@B3LL4T0R said:

@HumanFlyBzzzz said:

Yeah, I’m stuck, afraid to admit. Any hints on initial? I haven’t found anything particularly juicy

Same here, I only know what’s on the main webpage and my gobuster scans aren’t working

The first part is pure CTF. Focus on the message in the main page.

@zkvo said:
Hmm pretty much stuck on init foothold, found some corrupted files via source code auditing

Focus on a function you would like to exploit.

From there, develop your attack.

Trying it locally might be more helpful.

Hey guys, I used the common wordlist with ZAP, but still nothing. Any hints? Also, it’s suspicious that it’s looking for a document when any 404 arises…

@idomino said:

:slight_smile:

uid=0(root) gid=0(root) groups=0(root)

I enjoyed this very much, thank you @clubby789! But I think it’s misclassified, it’s one of the easiest ones currently available.

This has made me give in “One of the easiest around” … as I saunter back to my day job lol

Any hint for getting the directory? Tried a big wordlist on it :confused:
Tried ffuf too

Rooted, nice box… I just needed to update my Python skills…

Rooted, here are my hints:

User:

  • read the webpage carefully. The next step should be obvious

  • enumerate a little to get user.txt

Root:

  • don’t overthink, it’s very simple, some basic Linux privesc…

You’ll need a basic understanding of Python!

Good luck

R00ted!!! @clubby789 - Excellent job! Fun box.

I hope these tips are ok and do not veer off into the spoiler realm. I tried to keep them as general as possible, and really these “tips” are just good advice any pentest 101 class will teach, I am just kinda focusing the general advice a bit.

Foothold - pay attention to how things are working, enumerate. Once you find what you are looking for, it pays to figure out what the code is doing. I went as far as to get things running on my attack box, that way I could dump variables and test locally; once you do that the path forward is super obvious.

User - A bit tricky, but if you enumerate and find all the files you have access to (again just good basic sense that should be tried every time); you can find some interesting things (not much of a spoiler as the whole point of good enumeration is to find interesting things). You will have to manipulate some of the finds (custom scripts help a lot); if done right… boom you are in.

Root - pay attention to what you have access to, again learn how things are working, and it becomes super obvious… for me root was 100x easier than user (not saying user was super hard, but by comparison)… so if you can pop a user shell, you’re almost there.

I hope this helps, and if you get stuck “try harder”. Feel free to PM me. I apologize if I do not get back to you super quick; my life is hectic and between that and popping my own boxes, sometimes the PMs slip past me. Cheers.

Based on the reactions I’m getting maybe I was too harsh when I said “one of the easiest ones currently available”, maybe it was just easy for me, as all stages are simply solved by a few lines of python, but I guess I can understand why people are struggling with stock tools.