Magic

and… I also need a push with the upload :cold_sweat:
Tried different applications and methods but my cmds are not executed

Just got shell. The best advice I can give you is YouTube lol

@ciberpapi said:

“What are you trying to do there?” while trying to do magic :confused:

Sounds like magic is the part you forgot to add

Rooted!!!
Great Box

Oh dude, who posted that QR? I thought it was related… Man, that calculation

Rooted! Totally overcomplicated root.

Take the time to watch what is happening. Basic attention to detail.

A very nice box, I really enjoyed it :slight_smile:
Thank you @ByteM3 for the awesome box.
Hints:

foothold:
  • if you found the form, then try to find a way to trick it.
user:
  • you need a stable shell.
root:
  • Enumerate, when you find it then look into the binary.

I hope this helps :smile:

@xAbdulRhman said:

A very nice box, I really enjoyed it :slight_smile:
Thank you @ByteM3 for the awesome box.
Hints:

foothold:
  • if you found the form, then try to find a way to trick it.
user:
  • you need a stable shell.
root:
  • Enumerate, when you find it then look into the binary.

I hope this helps :smile:

ahaha thanks for the credit but 100% wasn't me. I just started the thread!

@ByteM3 said:

@xAbdulRhman said:

A very nice box, I really enjoyed it :slight_smile:
Thank you @ByteM3 for the awesome box.
Hints:

foothold:
  • if you found the form, then try to find a way to trick it.
user:
  • you need a stable shell.
root:
  • Enumerate, when you find it then look into the binary.

I hope this helps :smile:

ahaha thanks for the credit but 100% wasn't me. I just started the thread!

Oops sorry :smile:
Thank you @TRX

@0x41 said:

@ciberpapi said:

“What are you trying to do there?” while trying to do magic :confused:

Sounds like magic is the part you forgot to add

Thanks for the reply, but I already did the magic, thank you anyways, now I'm stuck at wwwdata :c

Pretty fun box overall, foothold was straightforward but user and root definitely took a bit longer to get. This box is good to brush up your Linux enum skills for sure, I definitely needed it. Thanks @TRX for the box.

If anyone is really stuck feel free to send me a pm for a nudge.

So when looking for all the things I can find, none of the tricks from there are kicking me a stable one, please HELP!! I am sure I am making it harder than I need to :frowning:

@s1lv3rst4r said:

Oh dude, who posted that QR? I thought it was related… Man, that calculation

Haha I did the same lol. It was only after the box reset I realised someone uploaded the QR image.

ROOTED!!
I made it far more complicated than it needed to be to get root. The advice in here has been spot on for getting there though.
For root think about how commands are run.
Thanks @TRX, I learnt a lot on this one, thanks to those that gave me nudges in the right direction as well.

Stuck on the file upload. I’ve played with the headers but I'm still getting the message “What are you trying to do there?”

Can I have a nudge please?

Edit: I got the file upload but need to find it. Magic.

Edit 2: Thanks to @Cedgar for the nudge, I got the reverse shell.

Might need a nudge on root. Been stuck enum for a while.
Update. Got root.

@CyberFunk said:

@s1lv3rst4r said:

Oh dude, who posted that QR? I thought it was related… Man, that calculation

Haha I did the same lol. It was only after the box reset I realised someone uploaded the QR image.

HHHH sorry it was me … just a QR photo from another challenge ?

Great box.
Was stuck with privesc but finally rooted.

User: try different payloads.
Root: you need to find a special tool…

Feel free to msg me for hints.

Easy and fun.

One big favor to all that will reach the forum: stop resetting the box. It’s not nice, it’s annoying and spoils the fun.

Some tips from my side,

User: Enumerate all, ffuf will do the work pretty fast. For the form, the first option that you will find in Google.
Root: Look for what shouldn’t be there. SUID3NUM or anything else that you normally use will do the trick. From then on strings or strace will work for you.

Rooted:

Foothold - get logged in, then pay attention to the name of the box.
User - Pay attention to running services, and always try any found credentials everywhere you can.
Root - linpeas will get you halfway, pspy will get you another quarter, and knowledge of how Linux decides the order in which to run programs will bring you home.

Happy to help anyone who needs a nudge.