Official Feline Discussion

it was one of those machines where i would poke around a lot after getting the root flag to try out things beyond getting the flag. Always a sign of an interesting machine.
Getting root also took me some time, but it was very rewarding in the end and a great experience.

Type your comment> @TazWake said:

It is also one of those boxes where just as you think you’ve finished, you realise you haven’t.

I can sense what you thought that time. ?

@gunroot said:

I can sense what you thought that time. ?

(nodding)

Rooted. This was fun and educational. It is amazing that we always learn something new even though it seems there is you know everything about specific application :slight_smile:

Thanks @purplenavi for nudges.

Rooted finally!! A super educational box. Thanks @purplenavi for the help.

Anyone feel free to DM ?

Rooted! :slight_smile:

Question, for the exploit writeup from a blog about the RE vuln, are we supposed to receive error messages as shown in the writeup? Burp doesn’t return any s***** errors if you direct it to the wrong location for me

Type your comment> @m0zzare11a said:

Question, for the exploit writeup from a blog about the RE vuln, are we supposed to receive error messages as shown in the writeup? Burp doesn’t return any s***** errors if you direct it to the wrong location for me

From my experience it doesn’t cause expected error 500 for random location. You only see an exception if payload ‘worked’.

Aite thanks! Had me wondering if I got the correct vuln for quite a bit

What a ride. The user was super! and Root was awesome too. If you read the bible for CTFs carefully you will find everything. :stuck_out_tongue_winking_eye:

Excellent box. finally rooted! the tips in here are everything you need, don’t be afraid to get creative

Upload successful! The report will be sent via e-mail.
no report!!! i got :neutral:

@scorpion4347 said:

Upload successful! The report will be sent via e-mail.
no report!!! i got :neutral:

You dont want a report, you want a shell.

i mean reverse shell not connecting!!!

@scorpion4347 said:

i mean reverse shell not connecting!!!

Ok - you might want to work on identifying why this is happening or at least more detail about what could be the problem. Simply having a shell fail to connect isn’t something people can really help with.

For example, there are countless reasons why this might be the case:

  • You’ve used the wrong payload
  • Your payload has a typo
  • Your payload hasn’t been put in the right place
  • Your payload isn’t being called properly
  • Your attack is hitting the wrong place
  • Your listener isn’t working
  • Your listener is expecting something other than what the payload is sending
  • You have a typo in the listener
  • Your firewall is blocking connections

(etc - this could go on for days).

This is a hard box, so it does need some trial and error to get attacks working. You need to be comfortable working through what you are trying to do so you can understand where a problem might have occurred. (and remember, if you are too open about what you are asking on the public forum it will get hit for a spoiler)

Rooted !
Feel free to pm me for nudges

Rooted. Fun box, not too hard for a hard box but definitely not easy.
PM me if you need a nudge but be prepared to tell me what you’ve tried first.

Rooted, good box with lot of learning points.
Let me know if you need any help but tell what you tried to avoid me any spoil

path is web link without security ???

Pretty sure I am looking at the intended exploit. Can someone point me to some good reading material for the exploit?

I’m not able to get the required code for SUCCESS

Edit: Rooted the box

root@VirusBucket:~# whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root),1(daemon),2(bin),3(sys),4(adm),6(disk),10(uucp),11,20(dialout),26(tape),27(sudo)
VirusBucket