ForwardSlash

I think I need some hint for the user.
I found the new location, then go to p*************.**p, I think I must use it to access /***/ but then I don’t know what to do. I tried some request (through the first page) but nothing happens.

Am I on the right way ?
If so, what must I do ?

Edit : got user thx xa4 & FailWhale

rooted ! This is hard and great box.
I spent a lot of time on c****o part.

stuck in the cipher any hint would be helpful

.

@heraenshah05 said:

stuck in the cipher any hint would be helpful

Same here. Already been throwing rocks and whatnot against it, but not getting back anything useful :confused:

Type your comment> @heraenshah05 said:

stuck in the cipher any hint would be helpful

Same here, any nudges?

The defaced site on port 80 doesn’t show any more?, is it normal or its just me?.

Type your comment> @nav1n said:

The defaced site on port 80 doesn’t show any more?, is it normal or its just me?.

It should be visible. Atleast it is on my machine

I started working on the machine yesterday and I noticed the defaced website, I even have the screenshot made for my writeup. But today when I started again, I don’t see any website. The direct IP access redirects to http://forwardslash.htb/, I don’t see any website, instead I have regular Firefox error “Hmm. We’re having trouble finding that site.”.

I had reset the machine a couple of times, change LAB to US VIP and retuned back to EU VIP, same, its weird!!!

Something wrong with the machine?, did anyone noticed this behaviour?

Type your comment> @nav1n said:

I started working on the machine yesterday and I noticed the defaced website, I even have the screenshot made for my writeup. But today when I started again, I don’t see any website. The direct IP access redirect to http://forwardslash.htb/, but I have regular firebox error “Hmm. We’re having trouble finding that site.”. I had reset the machine couple of times, change LAB to US VIP and retuned back to EU VIP, same, its weird!!!

Something wrong with the machine?, did anyone noticed this behaviour?

Your /etc/h*** file is intact ?

Type your comment> @cyberafro said:

Type your comment> @nav1n said:

I started working on the machine yesterday and I noticed the defaced website, I even have the screenshot made for my writeup. But today when I started again, I don’t see any website. The direct IP access redirect to http://forwardslash.htb/, but I have regular firebox error “Hmm. We’re having trouble finding that site.”. I had reset the machine couple of times, change LAB to US VIP and retuned back to EU VIP, same, its weird!!!

Something wrong with the machine?, did anyone noticed this behaviour?

Your /etc/h*** file is intact ?

Yes, I removed the entry and tried - same, also add the entry and tried same error as well.

The site is still fine after I restarted my connection, on US VIP 25.
Try to ping the hostname, if ping = no resolution, → problem with your /etc/h* file, confirm by ping on IP
else if ping resolution ok & fail, something with your machine

Verify if you still have access to previous boxes also.

Any hint on user? I can access //**.php. Found some creds too. But I’ve been stuck for a couple of hours now- nudge much appreciated! :smile:

Edit:

Got user - I was being stupid and not reading. Thanks FailWhale for reminding me!

I’ve found the n***.**t and am trying to find the b****p referenced in there.

I’ve been enumerating with various wordlists the past couple hours but I cannot find the next message or page. I would appreciate a nudge to find the next step!

edit: Found it!

root@forwardslash:~# id
uid=0(root) gid=0(root) groups=0(root)

Rooted! Wow, what a frustratingly entertaining box! This really will test your enumeration skills and you’ll be punished for shortcuts and bad habits. The first half is definitely the difficult part of the box.

Also, knowing a bit of python and/or bash will definitely help on this one.
Great job creators, even though it didn’t necessarily introduce anything new this was a good reminder to keep your house in order when doing enumeration and to keep everything!

I teamed up with @taiQui for this box, and i’d like to thank him for the teamwork and sharing his coding skillz with me, it was awezum.

Sure, PM for nudges, but I won’t give you solutions straight up. Have you really tried harder? Too many skids trying to get ez flags

can someone give me a nudge escalating my privilege from c*** to p***? I can PM you the steps I made.

Rooted !

Hint for the cipher part (to root) :
Try to do it on paper with small key & modulo, maybe with some test you could find something interesting.

It was a quite good box !

Finally rooted. User was way harder and took me much longer than root, but I solved one critical step for root before I got user.
Thx for the box, learnt quite a lot!

Finally rooted. For me personally it was rather hard, fell for a lot of rabbitholes.
Great box, learned a lot.

User: Keep it simple, usual enum should to the trick. Don’t overcomplicate things
Root: Understand what the code is doing, maybe even do it by hand will help a lot

Do not forget to clean the box after you’re finished, it won’t do it by itself.

rooted. good box. thanks to creators.

initial: keep it simple. enumerate properly. This part NOT HARD
user: try to understand what binary does. One you get it you can do it with one line bash script
root: In my way I did NOT crack anything. Try to create your own encrypted lu** ig. It is up to you what put in that ig.

Pm me for hints.