Why is the image getting deleted as soon as I am uploading?
Seems like there’s a cleanup that happens periodically. Just be ready with your file just in case ;).
Fun box - very magical experience. Here are some hints to try and help - don’t think it’s too spoilery but sorry ahead of time if it is.
Foothold - web browsers and servers are stupid - trick it into thinking it’s getting what it things its getting. file extensions can be magical and together
User - enum for something, then enum some more with that something. you might need to create your own mechanism for this if the foothold is too janky
Root - super basic enum techniques worked for me instead of tools (the results were overkill). find something sticky, string it up, see where it leads you
Rooted! Good box, learned something when getting first shell. I’m dropping some hints:
foothold: pretty standard, almost too easy to bypass… Enter and figure out how to make your way to the system. Images can contain a lot of data… Newlines aren’t your friends.
user: enum, then enum and finally enum! Don’t surrender when you find something, just try other tools.
root: both a pre-made tool and a manual check should do the trick. Focus on what stands out as non-standard ;).
Fun box. Didn’t take too long once I got down to it. I would be curious if someone wants to PM me on upload file bypass because I don’t get why what I did worked, but it did.
Otherwise, 100% fun box. All the hints are already in the thread, but just keep it simple. I like the path to root because it shows something interesting about special files. PM me for hints if you want.
Finally Rooted.
This box is very much unique. I struggled for both User and Root but the knowledge I got was huge. Thanks to @FunkyMcBeef for helping/guiding me throughout the process of root
Initial foothold:
1.You know how to bypass login using basic things. (really a child’s play)
2. You have to upload something to get the shell
3. Trick is not everything works. For me all the basic methods failed. But then I watched one youtube video and learned a new method to craft payload. Cat has some powerful magic I would say.
User:
Once you get shell, you know where to look first.
Extract something but you don’t have access to the tools.
But there are other ways to do it. (really its in front of you)
Root:
OK this is not easy
linpeas will really give you something (please read it line by line. I didn’t and that’s why I struggled)
check what really happens in the background
exploit it
I am very much descriptive here, hope haven’t spoiled anything
I am stuck at root. Been looking at a script that will clean stuff up and see some interesting “Search and destroy” instructions. However I have no idea how to inject my own code in there.
Not sure if it is even the right path.