Official Breadcrumbs Discussion

Type your comment> @TazWake said:

@thecog said:

Are there HTB{} flags in this box?

I haven’t done this box, but probably not.

Machine flags tend to be in a file called user.txt or root.txt.

Alright. I have RCE and user… I’m just not sure what I’m supposed to submit…

@thecog said:

Alright. I have RCE and user… I’m just not sure what I’m supposed to submit…

The contents of user.txt. Normally this is a file in the user account or in a Desktop folder.

Still stuck on initial foothold I think…possible entry point about bypass on token, I’ve testing some tools for jwt but not sure what I’m getting…any hint ?? I had gobusting several times this machine but no luck in any other finding that could help me for low priv shell. Sorry if there is a spoiler in this thread, this is my first post.

@Ro0ki3507 you are on the right path. The server believes your lies if you tell them correctly.

Rooted! Very interesting machine! Thank you!

Mi hints:

  • Initial Foothold: Has several steps. There are more than books that you can read.
  • User: Basic enumeration is enough
  • Root: Understand what the application does and how it does it to get advantage of it.

It is a really nice box, it require attention to single thing, I spent a lot of time to try and retry a lot.

I am running into the same issues as @h4shcr4ck, @h0l1st1c4l and @RummyExpress mentioned, on the very last step I am getting some printable characters in the result, but not the whole thing.

EDIT: nvm, got help from Rummy

Hi guys! I’m stuck on the foothold part. I even tried to bruteforce the key of that token, but probably it’s not the right path. Any clue on that ?

EDIT: found a way :D. Always the same error, not enumerating enough and\or making wrong assumptions.

Howdy. Can someone DM me a hint. I’ve been able to enumerate users, create users, and i’ve used burp to intercept requests but I can’t seem move forward. DM hints would be appreciated. Thanks!

Type your comment> @minsidajedi said:

Howdy. Can someone DM me a hint. I’ve been able to enumerate users, create users, and i’ve used burp to intercept requests but I can’t seem move forward. DM hints would be appreciated. Thanks!

If you have some usernames, try to imitate one of them.

Type your comment> @h4shcr4ck said:

Type your comment> @minsidajedi said:

Howdy. Can someone DM me a hint. I’ve been able to enumerate users, create users, and i’ve used burp to intercept requests but I can’t seem move forward. DM hints would be appreciated. Thanks!

If you have some usernames, try to imitate one of them.

Hints. I’ve tried messing with the response but not sure how to get the right “answer”. PM me please so no spoilers released.

I’m running out of ideas on this.

I have the Kr*****_***** file and have accessed that 1234 service and gotten what looks to be either an encryption key or an aes encrypted string. (I’m Assuming it’s an enc string)

I don’t have the master key the program asks for. I’m assuming I’ve overlooked it somewhere. Reversing the elf does not appear to produce it.

Probably there’s some windowsfu that I’m not aware of.
Perhaps my enumeration is not up to snuff.

EDIT. got it a few minutes after I wrote that.

What a box. great stuff. hats off to @helich0pper the devious b@5t@rd :wink:

What I would really like to discuss with someone who rooted this was what method did you use to decrypt the final password. I keep seeing people mentioning modes, etc. I ended up using an online tool because it seemed like my regular hasher was not going to do the job.
I’m sure something like this could be made quickly in python or something but I’m wondering if there was a native/other tool in kali that i should know about.

Finally rooted. What a ride! This was my first hard machine, I learned a lot.

Foothold: Need to familiarize with the term “Breadcrumbs”. Enumeration is vital, you’ll understand piece by piece what you have in front and eventually you will gather all infos that you’ll need to go further.

User: Basic enumeration to grant you stable access to the box. Keep enumerating “stick” with it!

Root: Again enumerate and retrieve all ingredient for your recipe.

Thanks for the box

awesome box
the last part had me tho…i had to know more about the creator to get the password lol
i didn’t investigate but my guess is something to do with php encoding
anyway thanks for the box i learned a lot

OK, this was too much for me. It took several hours of 2 weekends and I couldn’t have done it in that time without many nudges from all of you.

So here are a couple of tips for others stuck in the same mind ■■■■ than me:

1- Foothold: the first part is really cool and very realistic, just do it like it’s a real target with patience. Once you get your scrying powers and find the obvious secret you are still going to be missing one piece of the puzzle. LOOK IN ALL THE FILES, yes in that one that has the right name but is ridiculous and never in a million years you would think that someone will change, that is the one.

2- User: OK, WinPEAS ■■■■ me up on this one, do the enumeration by hand. Again patience, lots of patience look in every single place in order.

3- Root: The internet search ■■■■ me up too. You get a very obvious clue and google send me to the wrong place. Look well in more google results, it’s there.
After that there are lots of steps and more enumeration to find more of what the clue told you about.
Finally, the Chef served me rotten meat, just use the first result from google and watch out for the correct mode as others had pointed out here.

Good Luck!

Could I grab a foothold nudge, first hard machine and im struggle streeting it. I have my magic scrying orb, but its a little foggy, anyone able to provide some clarity

edit: Ahhh yes, i walk away from the keyboard for 10 mins and i solve it. My crystal ball got alot clearer and i now see the crumbs

I’m having a bit of trouble with the final (I hope) stage of this box. I have got the ELF file and have examined that to get access to a certain web site and have an AES key but I don’t appear to have anything to use it with. Not sure if I need the master key for the ELF file or not.

Any nudges would be most appreciated.

Type your comment> @sloth1985 said:

I’m having a bit of trouble with the final (I hope) stage of this box. I have got the ELF file and have examined that to get access to a certain web site and have an AES key but I don’t appear to have anything to use it with. Not sure if I need the master key for the ELF file or not.

Any nudges would be most appreciated.

Scratch that, Now managed to get root.

Hey all

I am having some trouble with the initial foothold, I’ve done my ennumeration and have an attack in mind, but I need to do something else first for it to work

I think I know what to do but I don’t know how to do it.
don’t want to get into any details here in public, but if someone could DM, or offer to help with just initial part I’d really appreciate it.

Not usually posting, but I just rooted the box, and I wanted to say to anyone reading to NOT put too much thoughts into the hints given here, especially for root.
All this stuff about a recipe, Chef and the stew stuff… It’s an unnecessary (and involuntary) rabbit hole. Also, automated enumeration is great, but you actually don’t need it here (for the last part of root).
Great box, by the way!