AI

Did not really care too much for initial foothold. I liked root. Got the flag, but also got a root shell through my existing session. You can execute commands, so what could you do? The possibilities are endless…

User: The commands listed on the reference page are there for a reason, and so is the reference to another page. Find a voice that executes the single ingredient you need to perform the attack (based on what you see in the error message), and then build out the rest of the command. Look at what the reference page gives you and use it, but you can also disregard a lot that isn’t specific to the attack vector.

Root: Basic service enumeration. I believe I was able to trigger it myself, but not sure. Regardless, not a big deal because it worked pretty easily off the shelf.

Thanks to @bumika for the nudges!

To be honest, the idea of this box is really great. Finding a suitable TTS for this one, though, proved extremely frustrating; using my own voice didn’t work since my accent seems to be too strong.
Providing some functioning example TTSs or at least a direct reference to a few would have made this a whole lot easier. I literally spent hours trying to get the correct payload to be recognized.

Great concept box that needs more luck for the foothold than I would like.

I’ve tried SQLi with the table from i*****e.**p but the result is blank. Am I going the wrong way?

USER FLAG: There is a function call flite -voice rms, go ahead and read about it.

Rooted. Couldn’t have done it without help from @Andry.
Used a very “rude” method to do it though. Not sure how it was intended to be done.
As always a box with a very unique exploit involved from @MrR3boot, thanks!
If anyone needs a nudge feel free to PM me.

I want to thank @MrR3boot for such an amazing box. I learned a lot from this and this has no value. Again, thank you!!!

Official walkthrough of AI: HackTheBox/AI.pdf at master · MrR3boot/HackTheBox · GitHub