Well that was a challenge and then some. Thanks to all who have left cryptic hints on here, even though I found them as frustrating as the box itself at times. Lots of stuff learnt in the process of getting this box and probably the most satisfying root prompt Iāve ever got.
Hi all,
I am currently on user b***. Canāt seem to find a way to get my reverse shell to work as it keeps timing out. Looks like outbound connections are blocked or something. Can someone give me a tip on how to work around this? What am I missing/do I need another approach?
update: figured it out
Stuck at the foothold from much time, the d****.r****y.h not showing any kind of results.
If anyone could give a direction itāll be appreciated
Rooted
PM for help
Hi, I pulled b***-i****
, used top/top creds and enum. no idea. found not too much except ~/.s**
folder with config
and keys
. Tried playing with s** -i
login but nope, nothing has worked
Can anyone put me on the right track, please? I have been hitting the wall for a few days.
Help will be greatly respected and appreciated.
Super fun and challenging box with a variety of exercises, much appreciation @thek! Did anyone succeed in getting a root shell? Or getting root flag in a serverless manner?
My advice:
Gaining a foothold: Look around until you find a weird response, encoded inside it there is a hint pointing to a useful sub. Learn about that technology and think about the box name to figure out how to use the sub ā think lazy for auth (thanks @reverse1!!). Sniff around in your new environment until youāve found to find a useful config, itās a little dusty but probably still works just fine.
U1 ā U2: Try to establish a strong web presence with info you extract using U1 powers.
U1 ā root: Think about a super awesome Linux privesc technique and find out what you can do. Looks like you can trick Midas into moving his gold to a location of your choice, which seems fantastic until you realise you donāt have the ability to see them! ? Just when youāre nearing tears because you canāt see the results of your effort, remind yourself youāre still a 1337 hax0r, and probably just need a nap. After you curl up and get some rest, (with complete disregard for your safety given your position in the enemyās lair), youāll find the answers come to you in a restful dream ā seems like restrictions donāt transfer into the sleep realm.
Happy to help if if anyone needs a nudge on this amazing box!
Iāve been spending hours now, escalated to user2, but stuck on rootā¦ Donāt know where to ārestā my handsā¦ Any nudges will be gratefull!
Edit: Rooted. I didnāt consider the traditional methods of FT.
Hi folks,
Anyone have a nudge about user2? I m logged on the c*s, got the webshell but cannot have a bind or reverse shell witj the cat. Any nudges would be really welcomed
Thanks a lot.
Rooted! Great box, although root gave me some pain. Many times I got stuck at little things, but learned a lot!
Can someone please help me with box? Iām trying to get the server binary to b*** user machine but seems like the the file is too big or something to be transferred?
root@bolt:~# whoami
root
root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)
Finally after banging my Head for so long ! One of the best box that Iāve done so far !
Hints :- Enumerate , read the docs !
PM for nudges !
Rooted.
It was enjoyable after getting the initial foothold, but boy did I get frustrated with that. Deep down a rabbit hole trying to understand d****r client certificates for hours!
Thanks @Propolis for the encouragement.
ı got an error on getting root
repo problem about r****c
can anyone help me on root part?
Finally rooted this machine! PM if you need nudges
First hard box! It was quite an interesting 2-3 day trip.
Foothold: Once you get to d*****.*****./v* think super lazy. I wasted more time than Iād like to admit on that part, and I have no excuse.
Foothold ā U1: Think about the box name/subdomain and read the docs.
U1 ā U2: Find a piece of data.
U2 ā Root: Enumerate a little and read a lot! Once you figure out how to use this technology, figure out a better way around the network limitations with the access you do have.
I can bypass and get a shell uploaded but when I try to execute it, it just downloads the file :S
hi,
someone could give me push to user2? i found login page and got adm hash from b***.b
but canāt get pass**d for accessā¦
Thanks
update: nevermind got it
Hey! Can anyone help me on getting the webshell for user 2? Iāve already gotten a login for the service, but cant upload anything usefulā¦
Thank you!