ForwardSlash

Spoiler Removed

Rooted at last. This machine was quite cool. A very nice mix of techniques. Congrats to the creators for it!

In case you need a nudge:

  1. Once you get into the correct place, be a hero and point all the guns at yourself. If you’re lucky enough you’ll catch the bullet mid-air.
  2. Pretty standard technique to go from user A to user B. Enumerate!
  3. For root, sometimes you don’t need a key to open a broken door. Just focus on the cracks.

@munra said:

  • Once you get into the correct place, be a hero and point all the guns at yourself. If you’re lucky enough you’ll catch the bullet mid-air.

What kind of hint is this ?

I rooted, but I don’t quite understand why what I did works. If someone can explain the c****o part to me, that wouuld be much appreciated.

Type your comment> @clubby789 said:

I rooted, but I don’t quite understand why what I did works. If someone can explain the c****o part to me, that wouuld be much appreciated.

Any hits ?

My enum game is weak on this one, only found the text and can’t bust anymore from the ‘clue’ :frowning:

Edit:
nvm being lazy

Type your comment> @fmwd said:

Type your comment> @clubby789 said:

I rooted, but I don’t quite understand why what I did works. If someone can explain the c****o part to me, that wouuld be much appreciated.

Any hits ?

Consider doing one of the easier boxes first. The box has only been up for 12 hours…

Is password from *.php rabbit hole?

Type your comment> @ls4cfk said:

Is password from *.php rabbit hole?

Try reading all php files you can. You must have seen something like Unauthorized

user: read notes, find location, signup and use text fields, bond something together to escalate
root: enumerate, routine check and get the right way, open you eyes, is there

root@forwardslash:~# ifconfig | fgrep 10. | awk ‘{print $2}’
10.10.10.183
root@forwardslash:~# id
uid=0(root) gid=0(root) groups=0(root)

foxlox

So far loving the “Please take care of our planet, we only have one.”

EDIT: And rooted. Really nice box but I fell into too much rabbit holes…
Thanks to InfoSecJack & chivato for this great box!

After you’ve rooted, please, undo everything you’ve done and clean up. Stop leaving the door open.

Any hint about crypto?

Type your comment> @ls4cfk said:

Any hint about crypto?

stuck on it

Please help I have been fuzzing for hours for both x*l and p*p but found nothing yet…
EDIT: Alright now i have lfi and rfi but how do I upgrade to rce?

Same here… I only found that message, but that and the main page lead me to nothing. Fuzzing a lot, manually and using automated scripts, but didn’t find anything to move forward.

Wait what that message even help us?
Any hint my mind became blank after that… Nudge will be helpful

Enumeration is key for most of the first part of this box.
Think about the types of files you could find in a web directory then think about directory structure.

@segf4ul7 said:
Type your comment> @ls4cfk said:

Any hint about crypto?

stuck on it

Read it, decrypt it. It’s all in front of you. (Not referring to the creds you find) You will know what I mean when you reach it.

Do I need to fuzz dir to get b***** ?

Edited. I got this step. No need fuzz dir .