Official Bucket Discussion

halleluja what a ride. finally got root flag. I did not get a root shell but could read out the root.txt. if there is way to get an actual shell could someone PM me plz. would be interesting on how to achieve that.

After a full 24 hrs of trials, i finally ROOTED this box. Good one

Finally rooted the box, root part found to be very tough to me. Thanks guys for helping with nudge specially @xaif7aLe

Finally rooted. Thanks to @MrR3boot for creating this amazing machine. Definitely on the harder side of medium machines, but well worth the effort.
No additional hints from me but if you need a nudge, feel free to DM me.

Hi, i’m new in this world.
I’m not familiar with a**, any hint for user?

Enjoyable box - learned a few new things as well, which is always good.

@JoakoI98 said:

Hi, i’m new in this world.
I’m not familiar with a**, any hint for user?

The cli helps. If you google the commands it allows, you might come up with a way you can get a foothold. Then you can use the loot you can find from basic enumeration to become the person you want to become.

Got user. I like this box already, have to read much many many documentation. On to root!

It took a while to figure out the root part (though I didn’t manage to get a shell, just only the flag) Thanks @MrR3boot: it was great to learn new things

For root, when you start researching, ignore any sources that appear to be medium helpful, they will only lead you astray.

The docs, and Twitter of all things are much more useful!

Spoiler Removed

Can anyone nudge me on foothold?? I saw a higher port was running some days back but now it’s closed…

@alalno said:

Can anyone nudge me on foothold?? I saw a higher port was running some days back but now it’s closed…

You only need one port for the foot hold - XX - and it’s a common one. If you saw a port in the range of XXXX, then chances are you saw some else attacking the box and setting up their own server for some unknown reason.

Best route to initial foothold - enumerate with the right host name.

Rooted.

Hint for root:
If your POSTman is afraid of the tunnel, ask someone locally.
Wasted a bunch of my time here.

Good box though. PM for nudges.

Managed to grab some creds and also know how to get stuff into “the cloud” (used the API instead of the CLI, though). Just not sure how that links to the main page or how to get it executed over there :confused:
Anyone willing to spare a hint on how to proceed?

@HomeSen said:

Managed to grab some creds and also know how to get stuff into “the cloud” (used the API instead of the CLI, though). Just not sure how that links to the main page or how to get it executed over there :confused:
Anyone willing to spare a hint on how to proceed?

The annoyingly vague hint is “more enum”.

You should be able to see where an image is hosted and you can see if you write to that location. Then you can call it from there.

The biggest issue I found was how quickly you need to work. Scripting is a winner.

@TazWake said:

@HomeSen said:

Managed to grab some creds and also know how to get stuff into “the cloud” (used the API instead of the CLI, though). Just not sure how that links to the main page or how to get it executed over there :confused:
Anyone willing to spare a hint on how to proceed?

The annoyingly vague hint is “more enum”.

D’oh. I was afraid someone came up with that :smiley:

You should be able to see where an image is hosted and you can see if you write to that location. Then you can call it from there.

I see what you mean, here. Will try that. Thanks.

The biggest issue I found was how quickly you need to work. Scripting is a winner.
Good to know. Because on the other location it remained for quite some time.

Type your comment> @TazWake said:

The annoyingly vague hint is “more enum”.

You should be able to see where an image is hosted and you can see if you write to that location. Then you can call it from there.

The biggest issue I found was how quickly you need to work. Scripting is a winner.

I understand what you mean here and I was trying to go down this route using the API - but I can’t get it to hit the “local” bucket instead of the amazonaws endpoint…can I DM?

EDIT: figured out how to write it to that location , now on to actually getting a foothold…

@r1cin said:

can I DM?

Yes - and I will always try to help if I can but I cant say how quickly I’ll reply. I try to be fast but circumstances vary.

@TazWake said:

The biggest issue I found was how quickly you need to work. Scripting is a winner.

It seems to me that the issue is of a different nature: There is enough time to do things manually, once the upload got deployed. But there seems to be quite a huge delay between upload and deployment.