Traceback

I’m actually very disappointed in this crowd who are deleting files for no reason and even deleting some very crucial parts of this box. It partially feels like it’s an attempt to DOS other people from working on the machine which is unacceptable. It’s not the moderator’s fault or anyone else’s fault except those who are intentionally deleting things to prevent others from moving forward. You’re not impressing anyone, just hindering others from making progress. Not even sorry for the rant because I’m sure I speak for a lot of people who may think the same right now…

@Xh4H Thanks a bunch for stabilizing the box, it’s been unplayable since last night. Will try again now

Rooted. Decent, actually easy difficulty box. Kudos to creator :slight_smile:

My only complaint is like the others above: it’s really easy to mess up the box, by modifying the crucial parts. Also, contestants leave traces all over the place, leaving unintended hints for everyone else. Which is a shame because the box can be done very cleanly but most of the crowd seems to lack decency or skill to do so. And I’ve been working on VIP, it’s scary to think what’s happening on public servers.

At least dev/nulling the .bash_history would be a good idea. Also, preventing a certain executable from being writeable might bring some order to the machine.

Tips:
Low priv user: OSINT, then basic enumeration
User: Basic enumeration. then you might need to learn new language revshell. The breadcrumbs are there in case someone missed one of the most basic recon commands
Root: Find editable executables, thing when they can be executed, exploit

PM for nuggets.

@HumanFlyBzzzz said:

@Xh4H Thanks a bunch for stabilizing the box, it’s been unplayable since last night. Will try again now

The changes will be live tomorrow, we usually leave saturday and sunday with the boxes as-they-are unless something critical happens. Hopefully the amount of resets go down tomorrow… I have also removed wall binary as i have heard a lot of people are abusing it…

Rooted: nice box thanks. Learned something new with the priv esc.
Standard dir busting wont yield much for the foothold. Focus on the source of the matter.

Sadly the box is getting corrupted due to ppl screwing up commands.

Interesting Box, definetly something new I haven’t encountered before.

User: OSINT, use the information that the box provides you (no bruteforcing required)
Root: Enumerate. Timing is all you need.

For nudges feel free to pm me

Fixes incoming …

I am pretty new to OSINT, need help for initial foothold.

For automating (in the face of people resetting the box):

  1. Burp suite copy as curl (or your browser)
  2. One off SSH commands: How to use SSH to run a local shell script on a remote machine? - Stack Overflow (heredocs are cool to learn about anyway ^^)

Got in through what was already there, struggling to move forward because of people DDoSing/resetting/griefing the system.

edit: reset again. want to scream.

Guys pls fgs do not reset the machine :frowning:

Rooted.Thx :slight_smile: Nice box

maaann too many trolls. Waiting for those fixes to take effect from @Xh4H :slight_smile:

got root.

summary of everything that have already been said before:

Foothold: read the page, find some interesting things & google this “interesting thing”. Once you think you find it, be patient and test everything you found.

User : I suggest you get a proper shell, then everything is in front of you in plain sight. A command that you should always be running will get you to user’s flag.

Root: There was a box with a very similar flaw couple of months ago. Use pspy to get the root’s flag (or shell or anything, really). Read carefully the output and focus on permissions.

Ping me if you are stuck. However do not ping me without a description of what you have done already. The initial foothold might take you a while, but once you think about what is author telling you, you’ll get in easily.

Good luck

Hi
I have found the hint for OSINT on the website and found the “directory” W *** S ***** in my google search.
But I don’t know what to do next.
I don’t know what W ** S **** I should use and how I should use it
Any hint guys?
thx :c

rooted

very straight forward the whole way and really fun. Lots of great hints in the forum as well.
Learned something new with root and thought it was pretty sweet. Definitely did remind me of a previous box which helped a bit.

I will never finish this box…

Reset after reset

Spoiler Removed

Type your comment> @DrayAgha said:

I’m stuck as webadmin. I keep trying to run L*a reverse shells through the path from sudo -l, but I’m getting nowhere. Can anyone offer advice?

Same here. I try to import a ssh key but i have errors running the .lua file.

@sakas4 said:
Type your comment> @DrayAgha said:

I’m stuck as webadmin. I keep trying to run L*a reverse shells through the path from sudo -l, but I’m getting nowhere. Can anyone offer advice?

Same here. I try to import a ssh key but i have errors running the .lua file.

Same:(