Registry

After ~2 weeks, finally I rooted this box. Thanks to @0X44696F21 and especially @STY for the patient guidance.

Time to pay it forward, send me a msg in the forums if you’re stuck.

rooted without getting a full root shell… if anyone could PM me about it, would appreciate.

good box but kind of frustrating. was blocking outbound traffic and removing rename/delete/… functions from B**t C*S really necessary ?

Anyway… learned a lot about the container software and backups :slight_smile: thanks!

I’ve been trying to get onto 2nd user for days…anyone online who can give me a nudge to get webshell up?

EDIT: Got the nudge i needed… thank you CM!

Rooted, I remembered as I root the Craft box, same style of root by reading document LOL, but this box is much harder.

User: Check HTTP header and google you will find something. Download all files you will see and look harder.

Root: You will go checking that directory and you will find something. Try switch to second user from what you got (a little bit tricky and you have to be fast). After get shell as second user, you should see something and time to read document LOL.

PM if you got stuck (here or better Telegram @Zer0xdz), because it is the first hard box for me too :smiley:

Rooted this almost 3 weeks ago. Thanks for all your help. need a good enumeration to get the user. root is very hard because of that task script lol.

Rooted! First hard box and last one for pro hacker :slight_smile:

Superb box, very fun experience in the end once you survive all the frustrating hoops for root. Thanks, @thek !

I think there is enough guidance for user. For root, think about the reason your exploits may not be working. What limitations do you have to deal with? Once you are at the final step, check your TTY. This cost me a lot of precious hours.

Good luck! PM is open for nudges.

Oh boy, I spend so much time overcomplicating the second user shell :smiley: Then I found out that it was all about timing.
However, thanks, @thek ! Nice box !

Rooted :wink:
@Zer0xdz thanks alot for help.
PM for nudges.
Discord fashark#5862

could use a nudge for initial foothold, pulled down the image locally and am looking around but not finding anything. Well, i found a certain hash but since i’m noob i have no idea how to crack it, mind you it was 4am when i found it so maybe i was just too brain dead to really get into but please PM for nudges!!! I keep hearing that there a key laying around which was what i was really looking for but i had no luck.

This one was challenging for me but I also learned a lot and really enjoyed it. Thank you!

Got user as b**t through ssh after some heavy enumeration!!!

Could use some help with r****c for getting root. I know i’m missing stuff, PM me pls :slight_smile:

any nudges for w**-d**** user? i THINK i know what i need to do, i just can’t figure out how to do it properly…

Rooted!

Nice box, if need help you can ask me in dm or in discord Noi#5588

Type your comment> @xolan said:

any nudges for w**-d**** user? i THINK i know what i need to do, i just can’t figure out how to do it properly…

See if you can exploit an application that runs as that user :slight_smile: Everything you need is known or can be guessed.

Finally rooted, thanks @foxlox for the help with the final missing piece :slight_smile: Also thanks to @thek for creating the box. It was a very interesting box with multiple hoops to jump through, but none of them particularly annoying once you figure them out. I exploited rc bp for root.txt, but didn’t get a root shell. Would be interested to find out the “hard” way people are talking about.

There are plenty of hints in the thread already, so I won’t add any. Feel free to DM me if you need more specific hints.

could use a nudge…downloaded contents of b****/s*****: …have looked around…not entirely sure what to do with this information

i found a hash as w**-d*** for admin
is this a rabit hole? i am not able to crack the hash.

Hey guys,
I’ve been stuck for a while now trying to get access to user w-d
I have creds and have logged in to the secret /b…/b… page but not sure how to get code execution
If I could get a nudge that’d be awesome thanks :smiley:
[edit: got it !]

I also need a nudge on getting shell in the b*** c** … i have access to the dashboard but cannot figure for the sake of frustration how I can upload or rename. Someone pls pm

This is a very frustrating box! xD I have found the exploit code to get the second user. I amended it to match the config on the box, I ran it and the first time it half worked (people who have been past this stage will know what I mean). Every attempt since has failed! I’ve reset the box and it still fails! :frowning:

And yeah, I am trying harder! xD