Official Developer Discussion

Great box overall. Beware a giant rabbit hole on initial foothold: you may gain admin access to the web application but still have missed the intended path.

Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root. A nudge would be appreciated :slight_smile:

@SN1CK3RDO0DLE said:
> Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root
>
> A nudge would be appreciated :slight_smile:

If you’re www-data then you’d have to find another user :wink: But from that other user it would be slightly easy to root. Just one small challenge :wink:

I’m stuck in root. I think I need a nudge :slight_smile:

Got user, really nice box ! Looking for root now…

@jsarmz said:
> @SN1CK3RDO0DLE said:
> > Got User (amazing challenge, took me a few days), however I am currently stuck on second user/root - I have an idea to get access to the second user, however it fails (due to session is already started) and I am not sure it is the intended way or working at all, or if there is a way directly to root
> >
> > A nudge would be appreciated :slight_smile:
>
> If you’re www-data then you’d have to find another user :wink: But from that other user it would be slightly easy to root. Just one small challenge :wink:

Small? Really? Am I wrong in my previous post? )

Can I get a nudge on the second site to foothold?

Struggling with the final step on this box. I have found the interesting file, and know what I need to do, but can’t locate the info I need inside it. Anyone able to help? Update: Found it. A different tool helped - the one from the NSA works well. Thanks @TheCyberGeek for the box :slight_smile:

Hello everyone, I got stuck during revshell to get the lowest user from the machine developer. When I entered the revshell payload nothing worked. Is there any reference or clue that I can use?
Thank you :)

Tried almost every wordlist - none so far

Hey, can I get a nudge for foothold? I am currently stuck at the admin page for django

Is it safe to assume that a certain excel file is not a rabbit hole for this box?

Oops, someone already answered this a few chats up lol

WHAT A RIDE :slight_smile:
This is definitely a hard box. Now I’ve managed to get user, and I read through my own notes… I’m thinking… “yeah, pretty logical after all”
I lost 3 evenings because of s*t**** … using the module I thought I should use instead of the usual / regular module!
After this, it went pretty smooth until user.txt

Gonna make a break before jumping into root though :wink:

… and as always, PM if stuck


Rooted!

Thanks @camk for his help and patience for the last-last part … Really need to improve my game with gh***a :wink:

Did anyone have to clone a login page for this? It’s my first time having to do this, and the tool I wanted to use isn’t working. I think I might have to find another tool, or figure out some other more ‘manual’ way to do it, but I need some ideas. I’ve been stuck on this for at least a week.

Use the tool that you’re referring to. I had the same problem with getting it to work. You might have to use an older edition of python to get it to work and install whatever dependencies are required for the program to function. After that, it’ll work.


Rooted! Whew that was a wild ride. Much appreciation to the homie @clure for helping me out with this box. Not sure I’d rate this Hard, but Insane (but that’s just me).


Rooted finally! Insane machine!! If you are currently working through this machine then you must know what you are doing so I’ll provide some basic nudges to get you through. I can’t think of a way I would have progressed without some help. Shout out to @roarribbit.

Progressing to Foothold: Those that hit a brick wall instantly, this is for you (cause it happened to me).
When you up**** the w**********, you should view the source of when that link appears to see what it does. Research that one line of code to see if there’s any technique you can use to take advantage of it. It’s a long way to the foothold so if you can get past this part, nudge me if you hit another wall.

User: Just like all the other boxes. Do your basic steps. Like I said before, if you’re working on this box, you should already know what you’re doing.

Root: This is where I’ll class this box as insane. Stop here if you don’t have any reversing experience. Make sure to take a “break” in the right spots so you don’t get tired like me.

For those having issues with the RE, I’m happy to walk you through the steps I took to do it. Disclaimer, I am NOT an expert at all with RE (I completely suck at it to be honest), but I can provide a Barney-style walkthrough of using g***a to find the goodies. I won’t give the answer, but will give steps and stuff to look out for. Watching the SANS FOR610 intro to G****a was helpful with familiarizing myself with the tool and gave me some idea of how to start, as well as nudges from the community.

Need help with root part. I just wasted 3 days on this. Give me a hint with the RE. I tried different programs but nothing…