Book

I’ve done it!
Thanks @Marsh61 for tips :slight_smile:

Finally rooted!

Thanks to @EvilT0r13 and @sh4d0wless
Accurate hints are there by @somecanadian in page 9!

Great work MrR3boot…Looking forward to have similar boxes from you… Its true that difficult paths lead to beautiful destinations :wink:

Feel free to PM if need help

Yep, thanks @MrR3boot for interesting box ?

Well I finally rooted this box but wouldn’t have been able to do any of it without a lot of patience and nudges along the way from @TazWake and @wxadvisor .
uid=0(root) gid=0(root) groups=0(root)
python -c ‘import pty;pty.spawn(“/bin/bash”)’
root@book:~#

Each stage taught me techniques which I haven’t seen or used but will definitely not forget.

Rooted … If you need help ping me on discord !! icoNic#0097

Arrexel

Bypassing the guard on this one has got me stumped. I’ve tried URL, Unicode, octal, hex, string concat, mixed-case, inline comments. Can any nudge me towards the right one please?

Ignore this, it’s all unnecessary -_-

Hello,

could anyone give me a nudge about the X** thing? I read the noob article and I think I understood where to apply it but cannot get results :frowning: Thanks…

@daemonzone said:

Hello,

could anyone give me a nudge about the X** thing? I read the noob article and I think I understood where to apply it but cannot get results :frowning: Thanks…

The output is written to a file you need to download.

This box was a a beast.
Took a lot of researching and a lot of nudges but that’s some good knowledge to have.
Won’t forget it. Thanks for the box :slight_smile:

finally got around to doing this box… i learned so many new things! already lots of hints so just pm if you need a nudge but tell me what you’ve already done and tried.

Learned really cool things by doing this box!

PM me if you need a hint.

if you need some help you can always msg one of the many nice guys/girls around,

of course the first thing they will ask you is to cat payload which you should do,

And at that exact moment you will realize that your are a blind fool.

Many Thanks @TazWake

I found a special file. Whenever I try to login to the server using that file I get err msg “Connection closed by 10.10.10.176 on port x”. I dont know what to do with that. Any hints?

nevermind :slight_smile:

Hello guys. I found the vulnerability in the admin panel and I exploit it, but when I use my payload nothing happen. I always be redirected to admin login page but It don’t raise the alert box with “Nope” as usual when you fall login. I don’t want to spoil this amazing box so if someone want to help me for understand better what I am doing wrongly please PM and I will explain more better what I did and what happened.

Spoiler Removed

finaly :smile: the box is very fun !! great job !

you need help for nudge mp me

Thank you to @Kevoenos for the link on the initial attack. It was what I was trying, but I was doing it in the wrong place, AND, if doing it at teh same time as other people this part is hard. IF a payload doesn’t work, wait a bit for a reset, and confirm someone else isn’t mucking up the attack. Try not to use a common file of interest to confirm access, use some other file in a directory that will always be there so that you know it was you, and not someone else

rooted !! welcome pm for help

I rooted today but my brainfucked.

I will not say I loved it, because I hit some rabbit holes. The last part was annoying with a capital A but it worked :slight_smile: I gave the builder my respect. Keep it up!