Rooted this one as well! Seems like I was just in time. After getting the root flag the box died and now I can’t get in anymore with my backdoor. Looks like someone slammed the reset button 5 seconds after I got my flag.
This box was fun and not that hard to crack. Enough tips are given here. I don’t think I need to repeat them again. But if you need a nudge feel free to PM.
Please also mention the box you are asking help for, since I get a lot of PMs lately about different boxes.
User: To find what ye seek, you must go back to the source of what you’re searching.
Root: Definitely was overthinking this one at first, by far the most helpful tool was pspy. Also, you don’t need to be super quick, in the world of bash you can do cmd1; cmd2; cmd3 and they’ll execute in order.
Useful tips on page 26 and 27, the only ones I had to look at to get the insights I was missing. Not a hard machine in concepts though, although my inexperience with the tools paid a price here.
Had lots of fun, not that much frustration this time and as always, learned a lot.
I will be around if hints are needed.
Well that was a fun one. I had all the parts but needed to refresh on one tech. Can help with non-spoiler nudges but let me know what you tried first and where you are.
Just rooted. Cool, but without clues on this forum, it would be too much guessing (especially for initial foothold). However, I found it a pretty fun box.
I’ve gotten to the part where you move into the folder but I get this error when in the machine. I reset it and got it again. Can someone help?
Welcome to the Luvit repl!
Uncaught exception:
[string "bundle:deps/readline.lua"]:485: attempt to call method 'set_mode' (a nil value)
stack traceback:
[string "bundle:deps/readline.lua"]:485: in function 'readLine'
[string "bundle:deps/repl.lua"]:198: in function 'start'
[string "bundle:main.lua"]:137: in function 'main'
[string "bundle:init.lua"]:49: in function <[string "bundle:init.lua"]:47>
[C]: in function 'xpcall'
[string "bundle:init.lua"]:47: in function 'fn'
[string "bundle:deps/require.lua"]:310: in function <[string "bundle:deps/require.lua"]:266>
So did someone break the machine, as this happens between resets, or is this an intended thing? It seems like it's having issues with the program itself and loading the needed functions?
Does this also happen when you just load the repl, without any parameters?
This is my first box ever. It took me a few hours.
Once I became root, I used my root privileges to chattr +i all of the flags and the .bash_history of root and the other two accounts after clearing them. This way no bash history can be recorded, preventing it from giving away clues from other users. Only root will be able to delete critical files now. This could have been done “out of the box” by the author.
This is my first box ever. It took me a few hours.
Once I became root, I used my root privileges to chattr +i all of the flags and the .bash_history of root and the other two accounts after clearing them. This way no bash history can be recorded, preventing it from giving away clues from other users. Only root will be able to delete critical files now.
Well, on your server and until it is reset, yes.
This could have been done “out of the box” by the author.
True - and certainly worth suggesting. I’ve found quite often Linux boxes desperately need the creator to make critical files immutable - OpenAdmin was a good example of this.
My first non-walkthrough machine ever! I’m so happy.
First I blocked myself by using a PHP shell instead of the planned backdoor route :trollface: (throwing logs under my feet)
Then I tried to get user by launching an external script instead of using the compiler :trollface:
And at last I tried to use totally wrong scripts for the reverse shell :trollface:
But in the end it all came through! Big thanks to the Author! I learned a lot today!