Official Feline Discussion

howdy everyone, nice box, I am having trouble with the masonry/carpentry tool ?, appreciate a PM.

@scorpion4347 said:

curl: (28) Failed to connect to 10.10.10.205 port 8080: Connection timed out

It looks like curl failed to connect because the connection timed out.

@TazWake said:

@scorpion4347 said:

curl: (28) Failed to connect to 10.10.10.205 port 8080: Connection timed out

It looks like curl failed to connect because the connection timed out.

We got ourselves a comedian, ladies and gentlemen. :lol:

@metuldann said:

We got ourselves a comedian, ladies and gentlemen. :lol:

Thanks, I try my best.

this is the place to learn new things!!!

@scorpion4347 said:

this is the place to learn new things!!!

Along with learning, it is really fun to do. :wink:

@TazWake said:

@scorpion4347 said:

curl: (28) Failed to connect to 10.10.10.205 port 8080: Connection timed out

It looks like curl failed to connect because the connection timed out.

LOL

Rooted but with some sense of guilt.
I want to be totally honest: while googling I casually dropped into a spoiler and when I was completely lost for the root path I took some “inspiration” from it.

Foothold/user: here I had a pretty clear picture of the process, but I could not find the right “tooling”. Got a nudge (thx @ricepancakes) to get to user, then I went there…

root: That’s when I fell into temptation. I was struggling to find a possible path.
Yeah, I saw a lot of things using a common enum script, but I totally missed the point about getting deeper. There I started googling a little bit “too hard” and I fell into the spoiler… I did not take it as a whole. I took just a hint and I tried to get back to my blocking point to see if I would ever be able to spot the way. There I felt dumb, because the thing to look at was plainly in front of me and I didn’t notice.

I kinda feel I have cheated on this, thus I am not really satisfied. I spent an hour and a half thinking about whether it was right or not to submit the root hash… ?

@Chobin73 said:

I kinda feel I have cheated on this, thus I am not really satisfied. I spent an hour and a half thinking about whether it was right or not to submit the root hash… ?

Possibly overthinking. There are lots of articles which give hints and tips for every box.

As long as you’ve made notes, can recreate it in the future and have learned something, it’s all good.

@TazWake said:

@Chobin73 said:

I kinda feel I have cheated on this, thus I am not really satisfied. I spent an hour and a half thinking about whether it was right or not to submit the root hash… ?

Possibly overthinking. There are lots of articles which give hints and tips for every box.

As long as you’ve made notes, can recreate it in the future and have learned something, it’s all good.

…well, indeed I didn’t say that I did not submit the root flag! ?

Do I need to get root in the first container before pivoting? I seem to be a bit… limited.

Spoiler Removed

Really fun and interesting box! I have learned some new things! Congrats @MinatoTW and @MrR3boot

if anyone needs a nudge, pm me.

@zilwah said:

howdy everyone, nice box, I am having trouble with the masonry/carpentry tool ?, appreciate a PM.

incorrect version of the tool being used on the target :frowning: thanks @ricepancakes & @Andres7ll

– rooted –

rooted. thanks @MrR3boot & @MinatoTW for a fun box. and also thanks @Andres7ll for the user path nudge.

That must be the first Hard box I’ve done pretty much on my own, so quite pleased with it, although I still needed a nudge because I missed the actual vulnerability to use for the foothold, which is quite frustrating.

As someone said earlier, I wonder how you can end up trying to exploit a CVE so quickly (user blood within an hour), as it’s not particularly ranked high and doesn’t pop up flashing in red on scans… can’t say more without spoiling though.

This is a really enjoyable box. It made me learn how to use some tools and techniques I’d not fully understood until being forced to use them for this box. Thanks to @MrR3boot and @MinatoTW for taking the time to create it.

Thanks to @TazWake for facing me in the right direction once again when needed.

Wow… wonderful journey with Feline comes to an end!!
Finally cracked root.txt!!!
PM for any hints and tips.

thank you everyone!! special thanks to @TazWake @solid5n4k3 @ecodb

As usual, it was an opportunity to learn a bit more about certain technologies. My 2cents:

  • Foothold: the vulnerability should be obvious (although there are some unknowns there in terms of its requirements and the chance of success). The only difficulty is to get the right path. Play around with the requests to get that.
  • Let’s call this one ‘pivot’: another vulnerability in a local service
  • Root: from where you landed, stay home, and look for that thing that shouldn’t be exposed