Am I supposed to assume the team members will reply to emails like real people? I’m lost on how much suspension of disbelief I should have going into this box.
Lots. Start off with an assumption that any links you send will result in something from someone.
At the end of the day, it’s a CTF not a real environment with human users. You can make assumptions that a level of automation will be in place to reflect expected behaviours.
can someone hint me??i have done a script that i extracted usernames and emails,tried to ftp =none ,tried to brute imap =none tryed to register and then connect to the mail with evolution = nothing …any help would be greatful
can someone hint me??i have done a script that i extracted usernames and emails,tried to ftp =none ,tried to brute imap =none tryed to register and then connect to the mail with evolution = nothing …any help would be greatful
can someone hint me??i have done a script that i extracted usernames and emails,tried to ftp =none ,tried to brute imap =none tryed to register and then connect to the mail with evolution = nothing …any help would be greatful
I guess you have tried with evolution only to “receive” some email messages. But that’s not the only thing you can try to do with an email client, isn’t it?
Lovely box, was a bit confused for a while until i knew what to fish for, but smooth sailing after that. root was a bit too easy and close to user imho, but i’m not gonna complain about low hanging fruit
Yesterday I completed this machine. My feelings about this one is a bit mixed. Altogether the machine is above medium or medium based machines are getting harder then earlier, because of the complexity. The first path of the user was quickly solvable and I like these interactive machines but when you have at least 3 passwords, things are getting complex. You need to think out of the box a bit, and that’s why I liked this machine (even though I hit my head on the wall when realized it).
If you know the specific script language internals you are good to go and this machine will be easy especially the root path. But if you’re not that type of person, you will have some hard time like I had. That part was frustrating and also the language has some annoying restricts/features (e.g. ’ vs ").
My hints (if there is a spoiler, pls remove it):
User: check your notes and try to find some relationship between the open services and the @-s on the site. You need some fishing rods and some cats to catch that fish
After that do some basic enumeration in the service (also check your notes and use google). The brainfuck part is coming; some hosts contains more h***s in it. You can guess or brute it, it’s up to you. Once you find it, you will understand how to get in. Just do what you wanted to do first on FT, but you couldn’t trigger it.
ShellZ: you don’t need to stick with the service user, just change to the other one you got earlier. Then you need to understand how things are going. Check the running processes, and you will get a clue, how should you get that user. Once you found out, you need a little GoogleFu how trick this internal service to get what you want. I think this is the hardest part. Yes, you need to upload something but it’s not the uploaded package what gives you the shell, so do not overcomplicate this.
Root: strongly related to the previous service. Basic privilege enumeration and GTFOBins will bring you the joy.
Thanks @sulcud for this machine, I learned a brand new thing what I didn’t find in other machines earlier.
And done! A few good learning points from this one. The path to user takes several long steps. Root was a breeze compared to it! If things arent working remember to check your package
I thought that was one of the best boxes I’ve done on here. It was super engaging, used things I hadn’t really done in other boxes, and seemed like something that would be ultra realistic. Root was a bit disappointing because it was so trivial, but given the setup that’s probably pretty realistic, heh.
Thanks to @j88001 for the nudge on how to go spear fishing
Thanks to @sulcud , this machine was for some steps amazing
The foothold was amazing but i need to search some nudge because, i have never do that before, i have never seen something before in this enviroment, so great machine! Try to user diffrent easy list, don’t complicate
For the user part, it was confusing, thanks to @rulzgz to make me more clearly about steps. For the user, i can say, sometimes, if you write keeping a sequence , maybe you can try to invert that sequence. Googling, most common sequence didnt work for me.
this machine was really hard for me took me ages to get the initial foothold but finally got root learned a lot of new things with this machine, thanks @schizo , @joenibe , @zaero and @CurioCT you all helped me rooting this box. really, appreciated your help!!