Official Ready Discussion

Hey, I can’t find anything interesting. I already searched for directories with Dirbuster… nothing. Looked for something interesting in the source code… nothing.
I would be very thankful if someone could give me a hint to what to look for, maybe via pm.
EDIT: received a hint :slight_smile:

Is the machine broken as there’s no root.txt anywhere?

Type your comment> @purplenavi said:

Is the machine broken as there’s no root.txt anywhere?

Not broken. There is more work to do. This is where I am at and am having some errors with my process.

I read the user flag real easily (using one technique against the software), but don’t seem to be able to get RCE (using a different technique against the same software), even though I’ve used this fine in other challenges. Therefore I can read a lot of things, but no shell for g or d user. Going round in circles. Anyone able to help me get back on track?

Edit: the RCE technique worked fine - I just had bad characters in my payload. Got root, and more. Good box - definitely learnt a few things - including to not take anything for granted and keep disciplined.

any hints for initial foothold? send me a pm pls

Rooted!
It was same like redoing the laboratory for initial part. But overall learnt an interesting technique while escalating to root.

This was great, one of the most different boxes I’ve done on here. Not really similar to laboratory at all.

Type your comment> @purplenavi said:

I got shell with g user, but got stuck afterwards. Any nudges? :slight_smile:
Just got root. Spent ages going down rabbit holes, but it’s not as complicated as I had thought. Look at what you can find that might have something useful.

Would appreciate a nudge on the privesc. Have shell with g user, seen r_p etc…

foothold: looks like Laboratory.
user: to search well is to display in clear
root: escape game, hacktriks will help you a lot

rooted, feel free to pm

Got root at last.
It’s very easy to overlook some of those things, easier than previous gitlab challenges

got user. working on root.

Hi people.

Yesterday a get the user flag by lab method, but today I trying the same method but the server answer with http 500. Anybody have this same problem?

@embranco said:

Hi people.

Yesterday a get the user flag by lab method, but today I trying the same method but the server answer with http 500. Anybody have this same problem?

Maybe they patched that unintended path. At least for me it also doesn’t work with the lab method (and the ready made exploit also doesn’t work, even with modified payloads :confused: )

Rooted.
I mean, this one was waaaaaay eaiser than laboratory. Really weird how machines difficulties are rated…
Great box btw. Congrats to the devs.

1 Like

Stuck to get d*** user, found the r_p file but it doesn’t work for any user, any nudge?

Rooted. Thanks to @menessim for helping me with r*** inside of the whale land.

Foothold: It’s very well documented on the internet and someone just released an exploit for it (didn’t use it), search for it.
User: It’s clear as a crystal, just search in somewhere “uncommon” (shame on me for being blind and not searching for it very well).
Root: Even if you having super powers you are in jail, use your strength to escape.

Type your comment> @No0x01 said:

User was fun… root is driving me insane. Doesn’t help that I can’t seem to get an interactive shell to work…

Hello brother.

Got root user but struglging to breakout of jail ,any help would be greatly appreciated.Thanks

I have a reverse shell as g** but can’t read user flag? =
Update: Nevermind.