Json

Hi all, I have rooted the box using ‘vegetable’ way. Now onto the harder way.

Need a nudge because I have been spending the whole day on it. I’m still not sure whether I should look at p17, or F****.x** or S*2p. Got the hash, tried jtr, to no avail.

Thanks

is the vegetable not working anymore on purpose?

Alright. Rooted using both the easy and hard way. Hard way is so hard because I have never seen it before. Guess I’m still a newbie. Learned a lot using the hard way.

Rooted the box, but I think I cheated and it’s not an intended way with Sc2*. Can anybody PM to discuss how they did it?

I am a noob in CTF. I have been stuck for a while on this box. So far, got the “axxxx” user and password. Found some seemingly useful directories but without permission to access. Could someone DM me and give me some hints? Thanks!

Very nice machine. User was super nice and straightforward. The second quickest user after resolute.
Important hint about generating your “stuff”: keep in mind the name of the machine when you choose the format and then transform manually. Don’t be me trying to take shortcuts :slight_smile:
I hope I did not spoil too much.

Now it’s time for root.

Can anyone DM and help me with it? This is my first CTF and I am really enjoying this machine, but I got stuck. I have an image of how it will go (by exploiting Jn using ys***ial)
but can’t get the payload to work. Can anyone DM me and give me a hint?

Unable to get reverse shell working on this machine. Any tips?

Just completed this machine, but still many questions and doubts.
My general thoughts for the root part:

  1. I did not use vegetable
  2. I believe I used the intended way, but I just used VS in order to develop (a big word in this case, mostly copy/pasting) a small tool to “retrieve” what I need in a very sharp language. You probably can do it in the “reptile” language, but the deciphering part would be too much hassle for me.
  3. My initial idea was to just install and run the stuff and grab what I need “on the fly”. I wasted a lot of time trying to make it happen on a separate WinVM. Did someone do it on Win or (even better) on Kali? I’ll appreciate details on how via PM.
  4. I tried to get an interactive shell by passing, by forwarding and by invoking, but it did not work or just hung. At some point I gave up, just logged in and literally got the flag.

Overall nice machine although p. 3 and p.4 spoiled a bit the overall impression.

I’m the same as @jugulaire, don’t know if Windows Def is interfering or I’m just doing something wrong. Been trying to get around Def for ages offline and no luck. Don’t wanna spend much longer on it if it’s not gonna get me anywhere.

PM for tips pls, and will send respect your way :slight_smile:

Anyone else having major speed issues on this box? I rebooted it twice tonight and even then, once I get a reverse shell to it, doing simple commands like “whoami”, “cd ***”, “dir” takes lots of time to complete or they don’t complete at all until I press enter a few times. Is there a specific reverse shell payload that has better performance?

Edit: box was fine the next morning and was able to get root! thanks :slight_smile:

Got root, user is more difficult than root
Hints:
User

You have to play with B***** in a**/A*****. Once you get there, use the famous tool and craft the payload accordingly; here the box name will help you (no need to create a separate Windows VM).

Root

I will say whether one likes it or not, you must try fries made of ‘Juicy Potatoes’, they are awesome.

Hope I didn’t spoil it :slight_smile:

Finally rooted, lots of reading but good fun.

If people are stuck or have questions happy to lend a hand just PM me.

Information in the forum is good enough; once you get the tools working, user is straightforward.

Root, if you get the exploits (hints in the forum), seemed pretty straightforward and a lovely process if you use a vegetable.

Learned a lot with this box.

rooted.
PM for hints.
Discord - fashark#5862

I think everything is working to get shell but I can’t seem to get shell. I tried different payloads including the python reverse shell but nothing seems to connect. I don’t know what’s going on. Do I need %20 on my spaces or something? I get a 200 response but how do I tell it’s working? Btw, this is my first time trying to get shell on Windows.

c:\>whoami
nt authority\system

Done! User part was ■■■■ hard for me!
I used my own Win VM for the tool testing and checking. When I realized the structure of the payload, I did the rest of the user exploitation with Burp.
For root: I took easy way, but will check the hard way also.

I am having serious issues establishing a foothold on this one. Can anyone provide pointers, please? I have tried looking at SMB (Netbios), FTP and I’ve only managed to log in with some useless credentials on the webapp.

I have tried like every ‘veggie’ variant I can find and they all fail. I feel like I’m taking crazy pills. Was this thing patched? I’ll give you $1 mil in internet money.

I also can’t figure out the custom way to privesc. I found the local service, and associated exes and related files. Nothing I’ve tried works. A nudge in this area will get you an additional $1 mil in internet money.

Finally rooted via a very lovely spud if I do say so myself. Would still love a nudge on the intended way to root.