Craft

Did this machine 2 days ago… spent 3 days… Root was easy, as I enumerated before that a lot. So root took 10 minutes.

Initial foothold was really nice, spent quite a lot of time… saw each file… and ■■■■ found what I need only after reviewing the content 3 times. (am I blind?)

User: this took me 2 days… as I got creds… got s…p…k… tried all passwords I found while enumerating… none of them worked for s… so tried to crack that key… and after 2 days I decided to check passwords again and type by hand, not copy paste… and it worked… What a stupid mistake!

Nonetheless! Machine is great… especially initial foothold… which seems to be a typical error for developers (I made this mistake once… )

@emmycat replied to your PM but I see you figured it out already. Good luck with the box!

A very very very good game

Rooted, feel free to ask for hints.

I finally got user! I was making way more out of it than I needed to :stuck_out_tongue:

Now I just need to figure out how to manipulate this V***T tool to get that sweet juicy rooty tooty fresh and fruity flag.

Root was crazy easy, but I'm glad I learned about this tool. Just RTFM and enum the GIT.
Yaaaaay!

PM me or hit me up on discord if you need help with this box.

I managed to get my initial foothold, just been stuck on how to escape the “jail” others have referenced throughout this discussion. Anyone willing to share some pointers?

I hate golang… figuring out this format for the injection is going to kill me… can anyone give me a nudge to help me figure it out… I know what I want to do to prove I can inject… I just have tried everything I can think of to match the right format. No luck though.

I’ve been stuck on enumeration for three days. I’ve tried dirb, dirbuster, wfuzz, and dnsmap and none of them find the subdomains. I’m guessing it has to do with the SSL certificate, but am unsure. I’ve configured the hosts file and wfuzz and dirbuster have found the Swagger URL, so I know those two work, just not for the subdomains. Any hints?

I have initial foothold, can someone please help me get out of jail?

Woo rooted! First one without any tips (apart from a quick hint on root as I was targeting the wrong ip :slight_smile: )

Very nice box!

Finally! Got root. I was really overthinking it and missed the obvious.

My hint is: right at the end you will find the key staring back at you.

Thanks @n3b0r and @emmycat

Rooted this machine. Feeling so awesome after rooting since it is quite a challenging machine (for me). Foothold and users took me two days while I only needed an hour for getting root.

If you guys need a nudge, PM me. I am happy to help :slight_smile:

I have the initial basic restricted reverse shell now…I have extracted database username and password…is it of any use or just another rabbit hole?

@fashark said:

> I have the initial basic restricted reverse shell now…I have extracted database username and password…is it of any use or just another rabbit hole?

You are on the right track. Just think about where you can use those creds to log in?

Struggling on having the shell payload executed. I believe I know why but am seeking guidance. Anyone available for a PM?

You’ve got to be kidding me…! So I got shell pretty quickly, I mean the breadcrumb trail is right there for you. But then…2 days looking for the next step. Why are there no creds? Well apparently you only get what you ask for…What a plonker. I just needed to ask for a bit more. Still, took me another afternoon to get user. 3 days wasted - well when I say wasted, I mean: learning an incredible amount about systems I’d vaguely heard of but never played with. Now off to get root, which I think I may have already guessed how it’s going to work.

Thanks for giving a real novice a few more skills to hopefully help me transfer into the pentesting world.

My only disappointment was the lack of proper British beers.

Edit: Root had in almost 15 mins, almost exactly as I thought. Great challenge, confidence to try the slightly harder boxes now.

Can anyone PM me with an initial foothold hint, like which repo to look into?

Rooted. Great box…

Wow… 3 little characters in a script held me up for days, I kicked myself so hard.

user: the leader of the team will show you the way. Read scripts carefully(!)
root: Learn how to use the tool that is provided. One shot is all you’ll need.

@wolfflow27 said:

> Can anyone PM me with an initial foothold hint, like which repo to look into?

Enumerate the repo you have access to carefully - both past and present. Look for interesting things. Then read current code carefully and look for something that can be exploited.