Registry

Well that was a challenge and then some. Thanks to all who have left cryptic hints on here, even though I found them as frustrating as the box itself at times. Lots of stuff learnt in the process of getting this box and probably the most satisfying root prompt I’ve ever got.

Hi all,
I am currently on user b***. Can’t seem to find a way to get my reverse shell to work as it keeps timing out. Looks like outbound connections are blocked or something. Can someone give me a tip on how to work around this? What am I missing/do I need another approach?

update: figured it out

Stuck at the foothold for a long time; the d****.r****y.h is not showing any kind of results.
If anyone could give a direction, it’ll be appreciated.

Great box @thek !! Very hard root for me!

Rooted
PM for help :slight_smile:

Hi, I pulled b***-i****, used top/top creds and enum. no idea. found not too much except ~/.s** folder with config and keys. Tried playing with s** -i login but nope, nothing has worked :confused:

Can anyone put me on the right track, please? I have been hitting the wall for a few days.
Help will be greatly respected and appreciated.

Very very good box, enjoyed it a lot end to end. Thanks @thek, my favorite linux box so far!

Super fun and challenging box with a variety of exercises, much appreciation @thek! Did anyone succeed in getting a root shell? Or getting root flag in a serverless manner?

My advice:
Gaining a foothold: Look around until you find a weird response, encoded inside it there is a hint pointing to a useful sub. Learn about that technology and think about the box name to figure out how to use the sub – think lazy for auth (thanks @reverse1!!). Sniff around in your new environment until you’ve found a useful config, it’s a little dusty but probably still works just fine.

U1 → U2: Try to establish a strong web presence with info you extract using U1 powers.

U1 → root: Think about a super awesome Linux privesc technique and find out what you can do. Looks like you can trick Midas into moving his gold to a location of your choice, which seems fantastic until you realise you don’t have the ability to see them! ? Just when you’re nearing tears because you can’t see the results of your effort, remind yourself you’re still a 1337 hax0r, and probably just need a nap. After you curl up and get some rest, (with complete disregard for your safety given your position in the enemy’s lair), you’ll find the answers come to you in a restful dream – seems like restrictions don’t transfer into the sleep realm.

Happy to help if anyone needs a nudge on this amazing box!

I’ve been spending hours now, escalated to user2, but stuck on root… Don’t know where to ‘rest’ my hands… Any nudges will be grateful! :dizzy:

Edit: Rooted. I didn’t consider the traditional methods of FT. :wink:

Hi folks,
Anyone have a nudge about user2? I’m logged on the c*s, got the webshell but cannot have a bind or reverse shell with the cat. Any nudges would be really welcomed.
Thanks a lot.

Rooted! Great box, although root gave me some pain. Many times I got stuck at little things, but learned a lot!

Can someone please help me with box? I’m trying to get the server binary to b*** user machine but seems like the file is too big or something to be transferred?

root@bolt:~# whoami
root
root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)

Finally after banging my Head for so long ! One of the best box that I’ve done so far !
Hints :- Enumerate , read the docs !
PM for nudges !

Rooted.
It was enjoyable after getting the initial foothold, but boy did I get frustrated with that. Deep down a rabbit hole trying to understand d****r client certificates for hours!

Thanks @Propolis for the encouragement.

I got an error on getting root
repo problem about r****c
can anyone help me on root part?

Finally rooted this machine! PM if you need nudges

First hard box! It was quite an interesting 2-3 day trip.

Foothold: Once you get to d*****.*****./v* think super lazy. I wasted more time than I’d like to admit on that part, and I have no excuse.
Foothold → U1: Think about the box name/subdomain and read the docs.
U1 → U2: Find a piece of data.
U2 → Root: Enumerate a little and read a lot! Once you figure out how to use this technology, figure out a better way around the network limitations with the access you do have.

I can bypass and get a shell uploaded but when I try to execute it, it just downloads the file :S

hi,
someone could give me push to user2? i found login page and got adm hash from b***.b
but can’t get pass
**d for access…
Thanks

update: nevermind got it

Hey! Can anyone help me on getting the webshell for user 2? I’ve already gotten a login for the service, but can’t upload anything useful…
Thank you!