Traceback

@alalno said:

Are you talking about w** s**** hint?? How do you access it without uploading??

You don’t need to upload any web shell. The “evil hacker” who defaced the website already left one for you on the server. You just need to find it via basic OSINT/Google-fu :wink:

Is Box Broken?

@TheUndergrad said:
Is Box Broken?

Just tried. The initial foothold and also user are working fine. Couldn’t test root, since the box just got reset.

@TheUndergrad said:

Is Box Broken?

Lots of people dont understand what they are seeing and reset the box because they dont get the response they expect. This means that for about 20% of the time the box is probably rebooting.

can someone plzz give me nudge on root…

Hey all! Just finished rooting this box, thanks Xh4H for the fun machine!

My hints:
User: Not every webpage is as it appears… try inspecting further into the message left by the creator. Finally, google away! List out your ideas if it helps.
Root: Basic unix enumeration tools should help you here. Pspy is great and will help to know when your target is run so you can trigger it yourself.

Feel free to message me for any hints or nudges!

@thescriptkiddy said:

can someone plzz give me nudge on root…

Enumeration.

And SSH can trigger things.

Type your comment> @TazWake said:

@thescriptkiddy said:

can someone plzz give me nudge on root…

Enumeration.

And SSH can trigger things.

ik bout 00-h***er but still i dont know what to do :confused:

@thescriptkiddy said:

ik bout 00-h***er but still i dont know what to do :confused:

Well, in very general terms - make it suit your needs, then get it to trigger.

People are really messing up the box… They’re deleting luvit ?

Type your comment> @spowlay said:

People are really messing up the box… They’re deleting luvit ?

yea. There was a group of people deleating it earlier and then blocking resets. Most of the vip labs are ok. Idk about the free ones

Just rooted the box! User was quite fun and easy. Root was challenging for me, but thanks to some nudges from @ChefByzen I was finally able to get root! Learned a lot of new things doing this machine!

  • Foothold: Enumerate everything you see and don’t only rely on tools, but also follow some hints manually.
  • User: Once you’re on the machine, there’s a tool available on the machine that you might want to use. Hints for that can be found were you’ll probaly look anyway to own user.
  • Root: Enumerate the machine and try to understand the processes that run on it. Great tools for that have already been named here in the thread. Find a way to exploit these processes - to do that, you should find a way to go into the box from the front door, instead of the back door.

finally rooted, thanks a lot for pointing to the right direction @HomeSen !!! Nice box , root needs to play with the sleeping time for system

I just redid the machine after the patches and still so funny how everyone tries to upload his own rshell xD

little hint because a lot are stuck at the part with the new language:

you can use gtfo for more than only root…
… and if the first command doesnt work maybe you didn’t try hard enough!

So many people uploading shells, and deleting files. :smiley:

EDIT - Got user - cheers @h3105 . Working on root. :wink:

My tip for user… some processes don’t work so well running non-interactive

A short & enjoyable box. - Nice one Xh4H

Easy but funny box, thanks @Xh4H

Got root. Box needed to be reset as someone messed with the files again…

Cheers to @nyckelharpa for the pointers

got syin user, ran py , aware of 00-h*, and have no idea how yo advance from here.

need help pls :frowning:

Rooted, fun box !