Official Breadcrumbs Discussion

@lebutter said:

Very nice box, i’ve only got user but this is a marathon so i’ll pause a bit here.

To me this is a very good OSCP/OSWE box, there’s nothing too crazy but it’s a very nice check of all the basics all chained together.

Agreed & still puzzled how some guys & girls can do it in under 1h, wish I could learn that. Maybe in 10 years lol HAHA

i managed to get some creds using the vulnerability and the requests, but those creds didn’t work on the website, any hints?

Wow, in case there are others out there like me where the basic initial enumeration of one of the most common ports on almost all the boxes isn’t there, reset the box. Don’t be like me and spend hours and hours working on the wrong stuff. Just reset and try again. Also, if someone disabled that service once they rooted, just why? Thank you for wasting a day and a half of my life lol… you win I guess.

Working on root now. I’m having a bad time with 1234. Rabbit hole?

Got User with 0 hints, it feels amazing. This is the best box ever hall-of-fame never take it down AAA+++

I may have found an unintended route to root :smiley: :smiley:

Hi everyone. I started this box 2 days ago and found user without hints which felt very good :blush:
I am now stuck onto root (I found same thing as @tacoLlama but can’t find anything on it) any hints on root ?
EDIT : found root. You just need to enumerate to correct files/folder :slight_smile:

Has anyone been able to tackle the 1234 issue manually? there’s “forbidden” automation tools that can do it, but I am interested in how to do it manually

Rooted !

What a fantastic box, each step is pretty realistic. Thanks to @helich0pper for this one :).

PM if needed

@Meise said:

i managed to get some creds using the vulnerability and the requests, but those creds didn’t work on the website, any hints?

i found other files but still have no luck, if someone can pm me i would really appreciate that

Very fun box with basically no guessing needed, all the “Breadcrumbs” are there :slight_smile:

Challenging box, nothing really exceptionally special but a bunch of rabbit holes and misdirections. It was good fun and very aptly named.

User: Just follow the breadcrumbs. Yes you need to pretend.

Root: Once you’ve found the K, reverse and see what’s important. Check what’s been recent for A as J. Tunnel and map

So far so good. I got lost on make*******() since I don’t really know about that and don’t have that bit. I can look at the things, decode them, and seemingly should be able to make a new one.

:dizzy:

Nevermind, rubber ducky debugging strikes again. I found the file I was missing, which was clear as day on initial enum.

nice box. i’ve rooted it. thanks @helich0pper PM me for hints

Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?

@acidbat said:

Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?

Find the answer to your question?

@htbprctc334 said:

@acidbat said:

Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?

Find the answer to your question?

Not yet - could be a rabbit or something I haven’t figured out yet :stuck_out_tongue:

This was an awesome box! Everything you need is right in front of you, though you may need to dig deeper.

I did have an issue with one of the services. For some reason, it was returning an error, but after a reset, the problem was fixed.

If you need a hint feel free to PM me.

Really great box @helich0pper!

@acidbat said:

@htbprctc334 said:

@acidbat said:

Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?

Find the answer to your question?

Not yet - could be a rabbit or something I haven’t figured out yet :stuck_out_tongue:

rabbit it is

@acidbat said:

Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?

I just added it for a more immersive experience:)