Quick

My god!!! Finally! What a ride for that user… The foothold was tough, but how proud I feel right now!! :slight_smile: Onto Root!

User was not very obvious, but the forum is loaded with hints of the struggles.
Second PrivEsc was probably the most enjoyable part of this box.
Root was too “quick”. Don’t need to look very far.
I liked the box but wish it had more stepping stones along the way, especially on the initial foothold.
It fits its category of difficult and had some custom exploitation along the way.

On another note, if anyone can enlighten me on how to resolve DNS hosts using python if a box doesn’t have capabilities to add to the etc hosts file, that would be awesome!
I currently only know of curl that can --resolve DNS override!

finally got user
learned a lot !!

I’m frustrated in initial foothold.
tried to fuzz the web, login form, access the portal,

Any nudge would be appreciated.

Oh man, finally got that user flag. It’s been a ride. Wowza.

user was pretty hard because I couldn’t for the life of me figure out how to access the portal, after a little nudge from someone it was basically smooth sailing to root

enjoyed this box a lot as well, keep 'em coming r3boot ^^

can anyone help me with foothold please ?

Spoiler Removed

Not getting anywhere with this box, not even the slightest hint of progress. I’ve tried dir busting and fuzzing but not got much back. I’ve found some headers that appear to suggest Jy and I’ve got a couple of URLs, w-f & m-**f but I don’t know if they are dead ends. Anyone feeling charitable feel free to shove me in the right direction.

Super cool box, just got the user!

just got user… when the creator said it was esoteric they sure weren’t kidding! Enjoyed path to user from foothold. For foothold the landing page text is important and many won’t have even done it before.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I’m getting this, any hints how to bypass it ?

can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…

@Dreadless said:

> can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…

Inspect the header of the requests closely, you’ll find the clue to the next step.

great machine, I appreciated.

root@quick:~# ifconfig|fgrep 10.|awk '{print $2}'&&whoami
10.10.10.186
root

calipendula
for nudges on discord calipendula#1089
please don’t ask solutions but little hints

Where are u guys getting the creds for login?? I’m getting “Error code: SSL_ERROR_RX_RECORD_TOO_LONG” & stuck here…is there any other port I’m missing out?

@b3nn said:

> @Dreadless said:
>
> > can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…
>
> Inspect the header of the requests closely, you’ll find the clue to the next step.

I fear this is something new to me as I am looking at the headers but not seeing the magic

finally got user last night, working to create an RCE script today so I can get back quickly. ready to tackle the user privesc and then onto root!

PM with what you tried up t if you’re stuck.

@alalno said:

> Where are u guys getting the creds for login?? I’m getting “Error code: SSL_ERROR_RX_RECORD_TOO_LONG” & stuck here…is there any other port I’m missing out?

This seems to be a common problem. This is coming up because your browser is trying to negotiate HTTPS like the link tells it to, but is not receiving what it expects. It thinks it is receiving an SSL record that is too long; it is actually just getting the same HTML page you’d get from a port that’s not supporting HTTPS. So… is there another port you might need to try?
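An added illustration of the explanation above (not part of the thread): it reads the first five bytes of a reply the way a TLS client would, showing that the ASCII text `HTTP/` decodes to a record length of 20527, which is above the TLS maximum. The sample byte strings and function names are constructed for this example.

```python
import struct

# Largest ciphertext record TLS 1.2 permits (2^14 + 2048); TLS 1.3 allows less.
MAX_TLS_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

# Constructed sample: first bytes a plain-HTTP listener sends back to a ClientHello.
PLAIN_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<html>"
# Constructed sample: start of a TLS 1.2 handshake record (type 22, version 3.3, 74 bytes).
TLS_HANDSHAKE_START = bytes.fromhex("160303004a") + b"\x02\x00\x00\x46"


def parse_record_header(data: bytes) -> dict:
    """Read the first 5 bytes as a TLS client does: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def record_too_long(data: bytes) -> bool:
    """True when the bytes in the length position exceed the TLS maximum."""
    return parse_record_header(data)["length"] > MAX_TLS_RECORD_LEN


def diagnose(data: bytes) -> str:
    """Classify a reply received on a connection where TLS was expected."""
    hdr = parse_record_header(data)
    if (hdr["type"] in TLS_CONTENT_TYPES and hdr["version"][0] == 3
            and not record_too_long(data)):
        return "tls"
    if data.startswith(b"HTTP/") or data.lstrip().startswith(b"<"):
        return "plaintext-http"  # the port speaks HTTP, not HTTPS
    return "unknown"


if __name__ == "__main__":
    for name, sample in (("http", PLAIN_HTTP_REPLY), ("tls", TLS_HANDSHAKE_START)):
        hdr = parse_record_header(sample)
        print(name, hdr, "too long:", record_too_long(sample), "->", diagnose(sample))
```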

@calipendula Thanks for clearing my brain! And as always @applepyguy thanks for the constant guidance as well haha