So far so good. I got lost on make*******() since I don’t really know about that and don’t have that bit. I can look at the things, decode them, and seemingly should be able to make a new one.
Nevermind, rubber ducky debugging strikes again. I found the file I was missing, which was clear as day on initial enum.
Just a tip so people don’t loose a few hours like me : when it’s time to “pretend”, during the initial foothold phase, you might have to reset the box to make it work. Someone might have done something that makes it impossible for you to pretend to be your target.
Might be a bit cryptic but I don’t want to spoil.
Awesome box ! Your enumeration has to be on point. I enjoyed a lot the last part, the process of setting everything up properly after figuring out what was going on was very satisfying. Thank you @helich0pper
(this is my first Hard box, and I’m finding it a heckuva jump from Medium…!)
Can I request some help with the foothold, please? I’m using burp, and a well documented technique to read files I shouldn’t be able to read, but I’m struggling to identify the right file to read.
For example, I’ve read the contents of db.scriptinglanguage (which, I assume, means my technique is working?), but when I use that same technique to read the files in the scriptinglanguage folder itself, I don’t see the amount of “scripty stuff” in those files that I expected to see.
EDIT: well, this just embarrassing… thanks to @camk , I’ve now realised my initial recon of the box was lacking. Not sure how I managed to screw up that step, but lesson learned - “check your basics, Paddanada!”…
Just Rooted the box it took 4 days to complete. While doing that box i feel like working on real world target. No bruteforce no guess work… You must see everything in technical way.
To solve this box… Must understand the application flow.
Enumeration is the key…
Thank you @helich0pper
After spend a far bit of time on this box it’s clearly going to require more skills then i currently have. For all you that have finished it and have OSCP cert would you say this the kind of box that one should expect to find on that exam?
Hey,
I’ve been working on root but I’m currently stuck.
I’ve seen what’s inside K, and have been trying to read the content of that one table through several means but no luck so far. Is it what I’m supposed to do or am I missing something?