Official CrossFitTwo Discussion

I got connection back but no idea how can I exploit it :frowning:

@nourmuj said:

I got connection back but no idea how can I exploit it :frowning:

You probably aren’t alone there. I see over a day after release no one has got any flags.

“token” is driving me nuts! cruising right along and then… brick wall. Anyone else stuck at the same point?

@mrwigglet said:

“token” is driving me nuts! cruising right along and then… brick wall. Anyone else stuck at the same point?

Yup, have been stuck in the same place for a while now and retracing my tracks in case I missed anything.

I wonder if there’s anything on that other port. I’ve been playing around with it, but nc isn’t showing me much…

Is there a reason why this machine is still marked as Release Arena?
Been seeing that a few times now with newly released machines.

Are you talking about **** port? I think that's d*s.

@TazWake said:

You probably aren’t alone there. I see over a day after release no one has got any flags.

Wondering what the point of such insane machines is if only the super gurus can hack them two days after release.

@acidbat said:

Is there a reason why this machine is still marked as Release Arena?
Been seeing that a few times now with newly released machines.

New to me too, but it looks like this machine is the current machine in the weekly release arena. If you go to that link this week, you can spawn your own instance of CrossFitTwo dedicated to you.

There’s actually a part in the middle of gaining user for this box where I wonder how well it would cope with lots of simultaneous attackers. One attacker doing an attack might prevent another from carrying out theirs, so I can definitely see the benefit of release arena. (or maybe I misunderstood the behind-the-scenes workings and simultaneous attacks would be feasible)

I’m also getting stuck with a token issue. If anyone’s willing to offer some pointers it would be appreciated!

@ch3rrybl0ss0m said:

@acidbat said:

Is there a reason why this machine is still marked as Release Arena?
Been seeing that a few times now with newly released machines.

New to me too, but it looks like this machine is the current machine in the weekly release arena. If you go to that link this week, you can spawn your own instance of CrossFitTwo dedicated to you.

There’s actually a part in the middle of gaining user for this box where I wonder how well it would cope with lots of simultaneous attackers. One attacker doing an attack might prevent another from carrying out theirs, so I can definitely see the benefit of release arena. (or maybe I misunderstood the behind-the-scenes workings and simultaneous attacks would be feasible)

Hmm very interesting @ch3rrybl0ss0m.
Thank you for taking the time to attend to my inquiry :).
Might need to reconsider the spawning my own instance part

Spoiler Removed

@gh0stm5n said:

Found the s**i; can read db; can read some files; token does not work on…

I’m in a similar place. There’s a lot of confusing things about the higher port, as well as the source of the token. It seems like a lot of things so far have been less useful than they should have been…

Is the un***d connection useful? I can't get it to ds forward

anyone had luck with bypassing login on c*******-.htb? I am talking about t

Finally got user! Took a week, on and off; this is my first insane box. TY for the suffering, I’m having fun :slight_smile:

Well, I did two weeks and needed help from a team member to reach user. But this system taught me a lot of things that were new to me. So give it a try!

Thanks to the creators and sorry for the spoiler above. At that time I did not realize it spoiled certain things. Now looking forward to the ippsec video. I wonder if some things can be done smarter.

We clocked in around the same time, @gh0stm5n!

root@crossfit2:~# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)

There’s a lot that’s confusing and unique about this one, but there’s also a lot to take away from it. Thanks for the craziness!

Edit: Was way off.

done. took me a long time, and I learned a lot of new things. thanks @sicario1337 for your advice along the way.

great box @MinatoTW & @polarbearer !

is the p*******-r****.p** t**** a huge rabbit hole? I am able to get a valid t**** back, but it keeps telling me that the p*******-r**** service is disabled.