Official Sink Discussion

Official discussion thread for Sink. Please do not post any spoilers or big hints.

first

Hahaha I now wonder if current boxes are just regular pentest whitebox codeaudit jobs for some client but the guy was too lazy and thought like "I’m ma make a box they gonna find it" :smiley:

Man insane again, what’s goin on… someone wanna team up? maybe I let it be right away… but I’m lonely and need distraction so…

Lol found the vuln it’s too hard for me haha if you want it I’ll share haha

Do the box’s services (3### and especially 5###) seem really unstable to anyone else, even on VIP? Like they seem to crash/go offline even after a short period of simple browsing (no fuzzing)?

Or is that supposed to be part of the scenario somehow? I don’t think I’m doing anything that would warrant triggering some kind of block/crash.

Odd to see an insane box with 27 user owns so quickly. (For the avoidance of doubt I am not planning to look at this box for a few weeks yet - I can’t help anyone)

@TazWake said:

Odd to see an insane box with 27 user owns so quickly. (For the avoidance of doubt I am not planning to look at this box for a few weeks yet - I can’t help anyone)

blood was a whole lot faster than tentacle as well, which is rated easier

Perhaps there is an unintended way. I’ll wait a while before I start this box.

@kld87 said:

Do the box’s services (3### and especially 5###) seem really unstable to anyone else, even on VIP? Like they seem to crash/go offline even after a short period of simple browsing (no fuzzing)?

Or is that supposed to be part of the scenario somehow? I don’t think I’m doing anything that would warrant triggering some kind of block/crash.

yup, unstable for me too. no fuzzing, just browsing.

@HcKy said:

@TazWake said:

Odd to see an insane box with 27 user owns so quickly. (For the avoidance of doubt I am not planning to look at this box for a few weeks yet - I can’t help anyone)

blood was a whole lot faster than tentacle as well, which is rated easier

Yeah… this is weird.

But I wonder if the reported instability wouldn’t be related to the name… if you send in too many people/requests, it “sinks”. :wink:

(Edited to remove typo. I guess it’s too early to write without coffee. :sweat: )

I’m looking for a nudge on root - don’t know what to do with s******.*** - seems like I should use k** but no luck there or with the other usual means… open to DMs!

Edit: never mind, got it. Was on the right track, it’s just finicky AF.

I keep thinking I am knocking on the wrong door. I don’t want to be that guy that keeps banging away at a brick wall, but on the other hand, you never know until you try :slight_smile: I may have to ask if I am at least in the right direction. Just seems to make sense in my mind at least.

Is the foothold related to modifying the request? The not* helps me to debug it, but I cannot figure out how to leverage this attack technique to be something useful.

@kichung said:

Is the foothold related to modifying the request? The not* helps me to debug it, but I cannot figure out how to leverage this attack technique to be something useful.

NVM, got the way in.

This is an incredible box, with a believable, modern devops setup and interesting exploitable mistakes.

Rooted box. For everyone still stuck, there are two exploits with Hxxxxxx; one of them is the entry. Once you are in, you will need to read code to find the next step.

Awesome box! I had been waiting for quite some time to see the initial vuln here. I really had lots of fun, except maybe on the second part because I was too focused on something so I forgot an important part of what had to be done.
The very last part had me very confused for a while. I’m happy though because it didn’t take too much time for me to realize what was going on.
Thanks a lot @MrR3boot!

Hi everybody, can I write to someone for further explanation about the H****** exploitation?

rooted. what a fun box - thanks @MrR3boot!

PM if you need a nudge.

Has something changed? I wanted to do the box again to try something different and I cannot reproduce the foothold. I know some cookies have been removed but it seems like the vuln I exploited perfectly a few weeks ago just isn’t there anymore. I mean, I had saved the request, so I copied and pasted it, changed the cookies, and nothing happens.

I am stuck. I found the s****** documentation. I don’t know how to find the access token. I would really appreciate it if someone can DM me with the right nudges :expressionless: