Magic

Rooted, fun box, its a great feeling to use magic, pm for nudges.

Great box. After the disgusting ServMon, it is like a breath of fresh mountain air. As usual, if you are stuck - write to me in PM.

Rooted. The foothold was very easy, user needs a bit of enumeration, and then direct way to root…

Awesome box, thanks a lot @TRX !

Pm me if stuck.

Very fun box

Why is the image getting deleted as soon as I am uploading?

Type your comment> @Anu said:

Why is the image getting deleted as soon as I am uploading?

Seems like there’s a cleanup that happens periodically. Just be ready with your file just in case ;).

Fun box - very magical experience. Here are some hints to try and help - don’t think it’s too spoilery but sorry ahead of time if it is.

Foothold - web browsers and servers are stupid - trick it into thinking it’s getting what it things its getting. file extensions can be magical and together
User - enum for something, then enum some more with that something. you might need to create your own mechanism for this if the foothold is too janky
Root - super basic enum techniques worked for me instead of tools (the results were overkill). find something sticky, string it up, see where it leads you

Happy to help with judges if you want to PM :smile:

Spoiler Removed

having trouble connecting with ssh to user th****s, is that normal?
error is Permission denied (publickey).

@asteer1 said:

having trouble connecting with ssh to user th****s, is that normal?
error is Permission denied (publickey).

Rooted! Good box, learned something when getting first shell. I’m dropping some hints:

  • foothold: pretty standard, almost too easy to bypass… Enter and figure out how to make your way to the system. Images can contain a lot of data… Newlines aren’t your friends.

  • user: enum, then enum and finally enum! Don’t surrender when you find something, just try other tools.

  • root: both a pre-made tool and a manual check should do the trick. Focus on what stands out as non-standard ;).

I hope that I didn’t spoiler anything! Enjoy

Finally rooted:) needed quite a few Nudges for root. It is super simple but if you have never seen the trick its hard to guess.

As always pm for nudges :slight_smile:

Fun box. Didn’t take too long once I got down to it. I would be curious if someone wants to PM me on upload file bypass because I don’t get why what I did worked, but it did.

Otherwise, 100% fun box. All the hints are already in the thread, but just keep it simple. I like the path to root because it shows something interesting about special files. PM me for hints if you want.

i found a password in php database but when i try to login with su - t****** it sais authentication failure, any help?

Finally Rooted.
This box is very much unique. I struggled for both User and Root but the knowledge I got was huge. Thanks to @FunkyMcBeef for helping/guiding me throughout the process of root

Initial foothold:
1.You know how to bypass login using basic things. (really a child’s play)
2. You have to upload something to get the shell
3. Trick is not everything works. For me all the basic methods failed. But then I watched one youtube video and learned a new method to craft payload. Cat has some powerful magic I would say.

User:

  1. Once you get shell, you know where to look first.
  2. Extract something but you don’t have access to the tools.
  3. But there are other ways to do it. (really its in front of you)

Root:
OK this is not easy

  1. linpeas will really give you something (please read it line by line. I didn’t and that’s why I struggled)
  2. check what really happens in the background
  3. exploit it

I am very much descriptive here, hope haven’t spoiled anything

@666snippet said:

i found a password in php database but when i try to login with su - t****** it sais authentication failure, any help?

You need to use the password for something else, maybe use it to dump what you want out of something.

got USER :smile:
Now onto root…
Pure fun so far, thx for @TRX

Finally!!

root@ubuntu:/root# hostname;id
ubuntu
uid=0(root) gid=0(root) groups=0(root)

Root was basic, but very interesting to find it.
No hints from me. I’m pretty sure that here is enough hints.

I am stuck at root. Been looking at a script that will clean stuff up and see some interesting “Search and destroy” instructions. However I have no idea how to inject my own code in there.
Not sure if it is even the right path.

I need a little nudge for root, I think I found the binary but I dont know what to do with it now

finally rooted :smiley:

Very interesting box, sure learned alot from it…
Kudos to box owner.