Official CrossFit Discussion

*******.crossfit.htb/vendor/
403 Forbidden error

***.crossfit.htb/vendor/

How is root done after 9 hours of user, rated by two users as piece of cake?

Type your comment> @solid5n4k3 said:

How is root done after 9 hours of user, rated by two users as piece of cake?

They are being funny

Funny like a clown :smiley:
Quote from Goodfellas :slight_smile:

They said piece of cake since they realised it’s easy

it seems to me it may be vulnerable to XSS s****t2 i found the cve but i did not find POC that work, any idea?

So, i’m currently logged in with hk, found the vulnerability in sedates. and found a PoC for it but i can’t get it to work. I appreciate any help on that matter

EDIT: nvm! i got it

Hi, I have tried to get the initial foothold using VHostScan but with no result. Is this a rabbithole - I mean trying to use wordlist to get a valid subdomain. What is a better approach? thx

I am trying to find the inital foodhold I already tried to dirsearch, dirbuster ect. but do not find anything. Can someone point to a useful tool :slight_smile:

Could someone give me a little hint with the GET request to get a valid token? PM

rooted. The root part is crazy :slight_smile:

can someone help me with root. analyzing d—g file with ghidra found function p------_d—
what to do next. new to binary exploitation

I now have USER. big thanks to @justAhmed and @luca76.

Working towards root now

rooted. This was very fun, educational and challenging box. Big thanks to @justAhmed and @jkana101 for helping me along the way.

Spoiler Removed

I had to stay awake for a long time but I finally won. Much analysis was required to reproduce the reverse step by step. Amazing. Thank you for this opportunity.

does this machine have something to do with f** if so please help me out. Thank you!!

I can see why this is an insane machine.

I was stumped on root here :smile: . EDITED TO ADD: Rooted now but that was hard.

I think I know what I need to do but I cant get it to work. It doesnt help that I cant seem to get it to give me any troubleshooting data. So there could be a lot wrong with what I am trying but I cant work out what :frowning:

It doesn’t help that the entry I am relying on seems to get wiped every few minutes!

i got root. its really hard box. if you need help you can DM. gl hf @tazwake thanks for i***c user priv. <3