One of my favorite boxes rooted thus far. Real life applicable, but challenging. Shout out to @rotarydrone for the box, well done, looking forward to any other box you may create in the future.
PM me for hints/nudges, more then happy to help
One of my favorite boxes rooted thus far. Real life applicable, but challenging. Shout out to @rotarydrone for the box, well done, looking forward to any other box you may create in the future.
PM me for hints/nudges, more then happy to help
rooted.
PM if u facing any difficulty.
Finally rooted.
Pretty cool box. Sort of real world-like.
My advice for anyone.
Initial Foothold:
Initial Shell:
User:
Root:
All in all, an awesome experience.
Happy for PMs if anyone else is stuck. Happy holidays all!
I’m stuck. I found creds for d*** user and ssh-key but I couldn’t find how to get user or shell. Can someone give me some hints
rooted with love <3
i lost lot of time on user
i didnt know that i need to change some permission on ssh private key
anyway good learning experience
rooted!
Got user, finally.
But I’m not getting how to use this V**** T****.
Can someone give me a Nudge?
rooted!
very good machine, also this a real machine
feel free to ask
serious performance issues right now on the machine. can only intermittently ping the box and the target port did not show up on all initial scans.
root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)
Wow! Awesome box. Thanks to author for that! And reference to the Silicon Valley was fun
Nevermind I was typing my own IP address as off by one. Remember kids always check your typing. Because that can be your mistake. Take a break and then look at what you’ve done.
Seriously, I need to check for typoes. It makes me feel even dumber than I usually do doing these flags.
I feel like I should change my sig to “Easily defeated by inability to use keyboard.”
But overall, machine was a ton of fun. had me wanting to pull out my hair, feeling like a gigantic idiot. And once again turns out I’m overlooking the obvious.
Hi, I have an issue getting user.
After finding the s** p****** k**, if I use it on the one not at the usual port, I get asked for the k** password. If I input the one of the user g******* the connections hangs. If I run s** with the -vvvv flags it hangs at:
debug2: channel 0: open confirm rwindow 2097152 rmax 32768
.
I’ve tried connecting from a VM and another host, from 2 different networks, having the VPN configured to use udp and tcp and also both the solutions described here https://wiki.debian.org/SSH#SSH_hangs
Can someone help me?
Thank you
EDIT: Solved, thanks to @kiaora
Hello guys,
Anyone online to give a hint or two on how I can make my exploit work? Tried 2 days a lot of things and I cant figure out why it’s not working =/
Thanks
stuck at trying to get a reverse shell - I’m sending commands but not even receiving my ping back. any nudge will be greatly appreciated.
Is this app running inside an alpine d****r image or is just me?
rooted! this was my first box and i’m really happy i made it to root. Don’t think i would have made it without this forum though
Finally!
root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)
Ping me if you need help!
Rooted! Super fun box, it’s only missing a bit of Jian Yang
Foothold: Enumerate, look at recent changes, spot, exploit, profit.
User: You don’t need to get out of the jail per se. Just look at what you can find there.
Root: RTFM, quite literally!
Got the user going for root. Foothold took me 3 days because couldn’t get a reverse shell or the shell was killing instantly. After that everything was pretty straightforward
Rooted the machine couple of days ago, thanks to @kiaora and @OrenIshay for help me understand what I did wrong with the exploit =D
Very nice machine, had a lot of fun searching for the pieces of information needed, indeed very realistic challenge =)