ForwardSlash

Type your comment> @nav1n said:

I started working on the machine yesterday and I noticed the defaced website, I even have the screenshot made for my writeup. But today when I started again, I don’t see any website. The direct IP access redirect to http://forwardslash.htb/, but I have regular firebox error “Hmm. We’re having trouble finding that site.”. I had reset the machine couple of times, change LAB to US VIP and retuned back to EU VIP, same, its weird!!!

Something wrong with the machine?, did anyone noticed this behaviour?

Your /etc/h*** file is intact ?

Type your comment> @cyberafro said:

Type your comment> @nav1n said:

I started working on the machine yesterday and I noticed the defaced website, I even have the screenshot made for my writeup. But today when I started again, I don’t see any website. The direct IP access redirect to http://forwardslash.htb/, but I have regular firebox error “Hmm. We’re having trouble finding that site.”. I had reset the machine couple of times, change LAB to US VIP and retuned back to EU VIP, same, its weird!!!

Something wrong with the machine?, did anyone noticed this behaviour?

Your /etc/h*** file is intact ?

Yes, I removed the entry and tried - same, also add the entry and tried same error as well.

The site is still fine after I restarted my connection, on US VIP 25.
Try to ping the hostname, if ping = no resolution, → problem with your /etc/h* file, confirm by ping on IP
else if ping resolution ok & fail, something with your machine

Verify if you still have access to previous boxes also.

Any hint on user? I can access //**.php. Found some creds too. But I’ve been stuck for a couple of hours now- nudge much appreciated! :smile:

Edit:

Got user - I was being stupid and not reading. Thanks FailWhale for reminding me!

I’ve found the n***.**t and am trying to find the b****p referenced in there.

I’ve been enumerating with various wordlists the past couple hours but I cannot find the next message or page. I would appreciate a nudge to find the next step!

edit: Found it!

root@forwardslash:~# id
uid=0(root) gid=0(root) groups=0(root)

Rooted! Wow, what a frustratingly entertaining box! This really will test your enumeration skills and you’ll be punished for shortcuts and bad habits. The first half is definitely the difficult part of the box.

Also, knowing a bit of python and/or bash will definitely help on this one.
Great job creators, even though it didn’t necessarily introduce anything new this was a good reminder to keep your house in order when doing enumeration and to keep everything!

I teamed up with @taiQui for this box, and i’d like to thank him for the teamwork and sharing his coding skillz with me, it was awezum.

Sure, PM for nudges, but I won’t give you solutions straight up. Have you really tried harder? Too many skids trying to get ez flags

can someone give me a nudge escalating my privilege from c*** to p***? I can PM you the steps I made.

Rooted !

Hint for the cipher part (to root) :
Try to do it on paper with small key & modulo, maybe with some test you could find something interesting.

It was a quite good box !

Finally rooted. User was way harder and took me much longer than root, but I solved one critical step for root before I got user.
Thx for the box, learnt quite a lot!

Finally rooted. For me personally it was rather hard, fell for a lot of rabbitholes.
Great box, learned a lot.

User: Keep it simple, usual enum should to the trick. Don’t overcomplicate things
Root: Understand what the code is doing, maybe even do it by hand will help a lot

Do not forget to clean the box after you’re finished, it won’t do it by itself.

rooted. good box. thanks to creators.

initial: keep it simple. enumerate properly. This part NOT HARD
user: try to understand what binary does. One you get it you can do it with one line bash script
root: In my way I did NOT crack anything. Try to create your own encrypted lu** ig. It is up to you what put in that ig.

Pm me for hints.

And rooted! What an interesting box. Some frustrating times when enumerating for user, but a lot of fun once you get what you need!

Thanks InfoSecJack & chivato for creating this.

As for root: My brain don’t math good so I used an alternative path to get root.
I’d love to hear the details on the normal path.

Hoping to talk with someone about the process with //b**, I think I know what it’s does just can’t figure out scripting… Thx

Edit: Got it.

Great machine, the root part was elegant and the user one was tricky but mind-blowing

My hints:

User

  • You can read it but is not that simple
  • You need to know how a thing work but is not that first one you found in his folder

Root

  • Look! it maintain the permissions

is the part about the binary need RE ? any nudge will help :\

EDIT: got it :smiley:

root@forwardslash:~# hostname && id
forwardslash
uid=0(root) gid=0(root) groups=0(root)
root@forwardslash:~#

Great BOX

I’ve been fuzzing for ages, could anyone pm me a nudge.

Hi all, I am stuck after finding credentials. I can’t find a way to RCE. I tried all obvious things. Could anyone push me in the right direction? I’ll show what I’ve tried. Thanks.

Hi everyone! I have user and am currently working on the crypto thing. I understand what it does and analyzed it quite a bit, but I don’t really see the weakness. Any nudge would be appreciated!

can someone give me a nudge on the enumeration phase? just found a **.txt with some notes inside, but it seems not so useful. Thanks