Traceback

Easy box even for a noob like me, but very fun nonetheless, and also learned something new.
The only frustrating thing is people keep resetting it or overwriting stuff. So my suggestion is to write down your commands so you can copy-paste em when you will have inevitably to restart from the scratch :tired_face:

Cool box, useful to refresh some basics in priv esc

For user:
Search that comment

For root:
Maybe something is writable

Just got root.txt
Jeez so instable terrible …

Cool box @Xh4H
But cudos to the author :slight_smile:

Just people spoiled the good intentions by resetting and deleting and overwriting stuff :frowning:

Finally

root@traceback:/# id
uid=0(root) gid=0(root) groups=0(root)

Thanks for your words! Indeed resets are crazy. I did not expect users to remove necessary files from foothold, and so on.

So, at the time writing this, I am running a few small changes on permissions to ensure the stability of said files.

Going to get back for root in the middle of the night, when people are not messing with the box.

Resets are crazy, webshell is down

I’m actually very disappointed in this crowd who are deleting files for no reason and even deleting some very crucial parts of this box. It partially feels like it’s an attempt to DOS other people from working on the machine which is unacceptable. It’s not the moderator’s fault or anyone else’s fault except those who are intentionally deleting things to prevent others from moving forward. You’re not impressing anyone, just hindering others from making progress. Not even sorry for the rant because I’m sure I speak for a lot of people who may think the same right now…

@Xh4H Thanks a bunch for stabilizing the box, it’s been unplayable since last night. Will try again now

Rooted. Decent, actually easy difficulty box. Kudos to creator :slight_smile:

My only complaint is like the others above: it’s really easy to mess up the box, by modifying the crucial parts. Also, contestants leave traces all over the place, leaving unintended hints for everyone else. Which is a shame because the box can be done very cleanly but most of the crowd seems to lack decency or skill to do so. And I’ve been working on VIP, it’s scary to think what’s happening on public servers.

At least dev/nulling the .bash_history would be a good idea. Also, preventing a certain executable from being writeable might bring some order to the machine.

Tips:
Low priv user: OSINT, then basic enumeration
User: Basic enumeration. then you might need to learn new language revshell. The breadcrumbs are there in case someone missed one of the most basic recon commands
Root: Find editable executables, thing when they can be executed, exploit

PM for nuggets.

@HumanFlyBzzzz said:

@Xh4H Thanks a bunch for stabilizing the box, it’s been unplayable since last night. Will try again now

The changes will be live tomorrow, we usually leave saturday and sunday with the boxes as-they-are unless something critical happens. Hopefully the amount of resets go down tomorrow… I have also removed wall binary as i have heard a lot of people are abusing it…

Rooted: nice box thanks. Learned something new with the priv esc.
Standard dir busting wont yield much for the foothold. Focus on the source of the matter.

Sadly the box is getting corrupted due to ppl screwing up commands.

Interesting Box, definetly something new I haven’t encountered before.

User: OSINT, use the information that the box provides you (no bruteforcing required)
Root: Enumerate. Timing is all you need.

For nudges feel free to pm me

Fixes incoming …

I am pretty new to OSINT, need help for initial foothold.

For automating (in the face of people resetting the box):

  1. Burp suite copy as curl (or your browser)
  2. One off SSH commands: How to use SSH to run a local shell script on a remote machine? - Stack Overflow (heredocs are cool to learn about anyway ^^)

Got in through what was already there, struggling to move forward because of people DDoSing/resetting/griefing the system.

edit: reset again. want to scream.

Guys pls fgs do not reset the machine :frowning:

Rooted.Thx :slight_smile: Nice box

maaann too many trolls. Waiting for those fixes to take effect from @Xh4H :slight_smile: