Registry

Rooted, my first hard box was really fun. Thanks to everyone who helped me! @Rolesa @gorg @aho.
Please, PLEASE don’t delete flags next time, I’ve lost 1 whole day enumerating beyond the intended.

PM for nudges.

I got root.txt but not rooted yet!
Maybe tomorrow :slight_smile:

I wasn’t familiar with r****c but it seems like a really good tool.


Need a nudge towards root - have access as bt user. Found some interesting files in the folder where the bt app is hosted and a ct file belonging to w**-d** user (couldn’t extract due to invalid format). I see that r***c may be the exploitation path but don’t know how to piece all this together. DM please for nudges.

So, rooted finally. My first hard box, what a journey! Had fun with this one. Thank you @thek

I’m not gonna write any tips this time - plenty of help already in this thread. Probably even too much. Nevertheless PM me for nudges if stuck.

Is anyone else having a problem when logging into the web app - the credentials are right, but it shows an “Uncaught Exception”, and cannot continue from there?
EDIT: Never mind, changed the browser, had some issue with cookies.

I’m really stuck on priv-esc, I’m on the webapp dashboard and I’ve tried everything I can to get revshell/codeexec… but I’m still there. Is there someone who can help me? D:

Any hint for the initial part?
Found .r.h*/v2 but can’t find anything interesting :confused: Tried enumeration. (Have creds.)

So, I’ve got the user b**t but have no idea where to look for root. I’ve found a hash from .versin file and its salt from the same directory. I’ve also got a login form in /bot. How should I proceed?

Wheww… rooted… thank you @Kamperr @idomino @3l0nMu5k for the nudges

Thank you for the box.

Both frustrating and rewarding at the same time.

I learned new tricks.

In case anyone is stuck, feel free to PM me, but I think there are enough hints in the thread.

Wow!
My first hard-rated machine and that looks good for me.
Vector is always obvious, but you need to think and RTFM a lot. (at least that was so for me).

Many thanks to @thek
Learned a lot, was not familiar with any of the software used here lol.

Done. Man, that Re**** was tough…

Puh I got root. Thx to @3l0nMu5k for his help! I learned a lot. Never heard about this software before.

Got user finally, went down a rabbit hole with the D***** r******* v2 ap*. Finally figured out the commands to do it correctly, then it’s all enumeration. Onto root.

Rooted. User is very easy. Root also is not very hard but nice!

Got user, struggling with root.
Got Admin password but I am unable to upload shell. Tried known exploit method :confused: Any hint?

This is a brilliant box, but for no apparent reason I got stuck and went down quite a few rabbit holes. A few nudges from @noob2sec and @ekka got me going, so thank you both for it! :slight_smile:

Overall, my recommendations: make sure you cover the basics of your enumeration. For root, don’t try to reinvent the wheel and make sure you know what privileges you have.

Really great box so far, learned a lot about d****

Anyone for a nudge on root? Stuck on making r**** work with r***-s****

Hi. I’d like some help getting to user #2 if anyone is willing to DM. Thanks.