Enumeration was really easy. Lucky me, in the past days I was reading about vulnerabilities in d*****, so obtaining access to a shell was easy after finding the first 3 files. User 2 ■■■, really good challenge; I used a backdoor through my first con. And finally root: Good Lord, after reading the manual and viewing the command I was not sure if DIY applied, so I asked other users, but the answer was not really useful.
Well, these are my hints.
Start → The challenge is to make technology your friend; it is friendly if you ask.
User1 → The funny thing is that with the enum you obtain this access; just put J*** to work.
User2 → Now I can see other ways, but in fact, for me, I took the easy way of backdooring my connection. Think about it: if the front is blocked, so…
root → I like it when a challenge is really about how you can manipulate the instruction. It’s easy; think about what you need to make this stuff work…
As always, thanks to @backslasht for the machine, and thanks to everyone for the hints.
Hello,
I’m stuck. Can’t log in with s** on the machine. I found the private document with the password; impossible to use it for ssh.
Anybody have a hint?
Thx!
Lots of hints already on here so I’m not gonna troll by reiterating what’s already here. What I would say is that, after a few weeks of mulling it over, this is absolutely one of my favorite ever boxes. The entire thing, imo, was epic from start to finish. Happy to provide nudges via DM / Discord (5ysk3y#6172) for those who are stuck.
Very cool box, being a borgbackup guy myself, it was fun to play with r***.
Another hint that cost me some time: There’s something in the way going outbound from the box, but you already have SSH. Always remember your options…
Stuck at b*** user, found b*** cms files and r***** cli app but got no clues on how to proceed. Can’t find a way to log in to the cms, can’t upload a file, just the index.php page. Can someone give a nudge? Thanks!
Edit: Found a hash on b***.d*, cracked it, but don’t know where to input it…
Very cool box so far, I’m just struggling with the last root step.
I keep getting the following error:
! EOF ReadFull main.read Password - unable to read password||
Received nudges from multiple other users so far that have all told me I’m doing the right thing, yet I still get the error shown above. Weird stuff. Gotta try harder.
Edit:
And as it always goes, I cracked it 30 minutes later. Great box!
I’m so close, and so annoyed. Can’t root via d*****, as I’m 32 and not 64. 2 days of my life I wish I’d spent elsewhere! If anyone knows an unintended method, I’d appreciate a nudge over PM as I can’t do it the intended way (unless I’m missing something?)
Edit - Now done. Definitely don’t look at this if you’re running the Kali OSCP exam VM as your base.
Need someone to kindly give me a nudge, I’m running the d***** im*** and I can see that I can ssh to the remote box but I can’t seem to crack the passphrase for the ssh key?
Edit2: rooted, but I think someone had borked the box a bit; had to reset it before I could do my exploit to pivot to second user. That was a really fun box.