Official Buff Discussion

Official discussion thread for Buff. Please do not post any spoilers or big hints.

here we go! this is my first Blood attempt!

(Sorry, bad post)

user blood already !

user was easy :slight_smile:

Type your comment> @0x40404040 said:

user was easy :slight_smile:

depends for who

1 Like

User is easy

I was trying to find things by navigating to /a…n but don’t know where to go from there. Would be really helpful if someone could give me a nudge in the right direction

Oh ■■■■ i forgot this was about to release!

um, did anyone find the link the bottom of the ad*** page goes to a site linked to malware?

Malware Link:
http://skymbu.info/ (dont go to)

Type your comment> @aksofar said:

I was trying to find things by navigating to /a…n but don’t know where to go from there. Would be really helpful if someone could give me a nudge in the right direction

2 hours in? Try some things out? Enum a bit more.

1 Like

Rooted! Fun and easy box! Too easy… But well take it after RopeTwo and Intense! :slight_smile: PM for nudge… if you have really tried! There is no big challenge… you should be able by yourself…

Beginner friendly box. Path to both user and root are clear with basic enum. Root stage might require some patience if there are multiple people on the box.

come on guys, we can do it. Let’s break the machine reset world record.

A very nice and Easy Windows box, User is unbelievable easy and Root is a nice path if you just enum a bit.

C:\Users\Administrator\Desktop>hostname && whoami
hostname && whoami
BUFF
buff\administrator

Rooted. Fun box. For those studying for OSCP, this is a good one to execute one of the essential skills.

User: Standard enumeration of a service. Google will tell you how to proceed. Someone has even done the hard work for you. Now upgrade.

Root: More enumeration. A usual location holds something important. Google some more. Look at the code, modify as needed. Before you proceed, look around again. Maybe things look different on the inside.

Don’t get stuck in rabbitholes.

Is the cloud thing a rabbithole?

Edit:
Thanks @Caracal . I just got root after I post this. I guess the machine was in weird state and someone reverted it. And then I got the root shell by using the same attack.

Type your comment> @zhe0ops said:

Is the cloud thing a rabbithole?

The logo and name of the box should help u to answer that question :slight_smile:
Easy box but fun, thanks @egotisticalSW.

any nudge for user