Registry

Great box @thek !! Very hard root for me!

Rooted
PM for help :slight_smile:

Hi, I pulled b***-i****, used top/top creds and enum. no idea. found not too much except ~/.s** folder with config and keys. Tried playing with s** -i login but nope, nothing has worked :confused:

Can anyone put me on the right track, please? I have been hitting the wall for a few days.
Help will be greatly respected and appreciated.

Very very good box, enjoyed it a lot end to end. Thanks @thek, my favorite linux box so far!

Super fun and challenging box with a variety of exercises, much appreciation @thek! Did anyone succeed in getting a root shell? Or getting root flag in a serverless manner?

My advice:
Gaining a foothold: Look around until you find a weird response, encoded inside it there is a hint pointing to a useful sub. Learn about that technology and think about the box name to figure out how to use the sub – think lazy for auth (thanks @reverse1!!). Sniff around in your new environment until you’ve found to find a useful config, it’s a little dusty but probably still works just fine.

U1 → U2: Try to establish a strong web presence with info you extract using U1 powers.

U1 → root: Think about a super awesome Linux privesc technique and find out what you can do. Looks like you can trick Midas into moving his gold to a location of your choice, which seems fantastic until you realise you don’t have the ability to see them! ? Just when you’re nearing tears because you can’t see the results of your effort, remind yourself you’re still a 1337 hax0r, and probably just need a nap. After you curl up and get some rest, (with complete disregard for your safety given your position in the enemy’s lair), you’ll find the answers come to you in a restful dream – seems like restrictions don’t transfer into the sleep realm.

Happy to help if if anyone needs a nudge on this amazing box!

I’ve been spending hours now, escalated to user2, but stuck on root… Don’t know where to ‘rest’ my hands… Any nudges will be gratefull! :dizzy:

Edit: Rooted. I didn’t consider the traditional methods of FT. :wink:

Hi folks,
Anyone have a nudge about user2? I m logged on the c*s, got the webshell but cannot have a bind or reverse shell witj the cat. Any nudges would be really welcomed
Thanks a lot.

Rooted! Great box, although root gave me some pain. Many times I got stuck at little things, but learned a lot!

Can someone please help me with box? I’m trying to get the server binary to b*** user machine but seems like the the file is too big or something to be transferred?

root@bolt:~# whoami
root
root@bolt:~# id
uid=0(root) gid=0(root) groups=0(root)

Finally after banging my Head for so long ! One of the best box that I’ve done so far !
Hints :- Enumerate , read the docs !
PM for nudges !

Rooted.
It was enjoyable after getting the initial foothold, but boy did I get frustrated with that. Deep down a rabbit hole trying to understand d****r client certificates for hours!

Thanks @Propolis for the encouragement.

ı got an error on getting root
repo problem about r****c
can anyone help me on root part?

Finally rooted this machine! PM if you need nudges

First hard box! It was quite an interesting 2-3 day trip.

Foothold: Once you get to d*****.*****./v* think super lazy. I wasted more time than I’d like to admit on that part, and I have no excuse.
Foothold → U1: Think about the box name/subdomain and read the docs.
U1 → U2: Find a piece of data.
U2 → Root: Enumerate a little and read a lot! Once you figure out how to use this technology, figure out a better way around the network limitations with the access you do have.

I can bypass and get a shell uploaded but when I try to execute it, it just downloads the file :S

hi,
someone could give me push to user2? i found login page and got adm hash from b***.b
but can’t get pass
**d for access…
Thanks

update: nevermind got it

Hey! Can anyone help me on getting the webshell for user 2? I’ve already gotten a login for the service, but cant upload anything useful…
Thank you!

Type your comment> @dvargasj said:

Hey! Can anyone help me on getting the webshell for user 2? I’ve already gotten a login for the service, but cant upload anything useful…
Thank you!

you can upload whatever you want, just tell it to…

So is the w**-**** user the user2 or user1? Normally this would be an initial foothold rather than a path to root, but I got user.txt without compromising that one.

Also getting 404s every time I try to rename… something… to get w**-**** user, am I on the right track here?

EDIT: I also tried to rename something very benign to something else very benign, no funny business, and still got the 404s.

that would be user 2. > @OrangeHat said:

So is the w**-**** user the user2 or user1? Normally this would be an initial foothold rather than a path to root, but I got user.txt without compromising that one.

A bit of back and forth with this one, but path to root involves these users: b* → a* → w* → root

Also getting 404s every time I try to rename… something… to get w**-**** user, am I on the right track here?

EDIT: I also tried to rename something very benign to something else very benign, no funny business, and still got the 404s.

You are but no need to rename anything