Type your comment> @19Rich said:
Have basic RCE, have not fathomed shell / priv esc…
Same spot, i tried the moste obvious things to get a shell, but no luck yet
working on rce. nice work on this @MinatoTW its a tough machine! got me doing more reading and learning about a relevant vulnerability that i dont know allot about 
Anybody around who is still working on Priv Esc for Root? PM to bounce some ideas around?
Nevermind I think I got it… Or not… Is the butler h**h rabbit hole?
Hey guys, Could someone point me in the right direction for de******g the ViSe. I thought I had everything right but I guess i’m not reading the right docs…
Feel free to pm, Cheers.
■■■■, that medium box with only 20 roots after 4 days XD
string is fu**in me up! scripting out a way of decoding the string… i have read a fair amount and think i understand how the string is constructed and encrypted but not getting it right. BAD MAGIC NUMBER. son of a !
when you finally restore batman powers. #proud #rootdance
Finally got user, this box is really fun and hard ahah
Type your comment> @rlfonseca said:
when you finally restore batman powers. #proud #rootdance
This is my current battle. I am losing!
working on root and i cannot find a way to switch user using password… tried rus, ps**** and st-p*****s. i got only a headache.
PM?
Is this possible to get a revshell on this machine with RCE? It seems I can only do some basic commands like ping.
yes, it’s possible
Thanks @MinatoTW for very painful box which made me learn tons of stuff … 
and everyone who has helped me in the way, including @ophelia
Still floundering and stuck at our favourite superhero who, ironically, can do everything in the films but very little on this box! I gather that getting beyond Mr Wayne and on to Administrator probably has something to do with the .b** file and possibly also U**, though I’ve no idea what. Don’t even know what to Google at this point! Any tips?
Boom - got the root flag at last! Thank you so much to various people that helped me on this. Many lessons learnt here, good work @MinatoTW, great box.
If you’re struggling at the final hurdle, return to things you likely enumerated during your first 2 minutes of this challenge - don’t overcomplicate things that don’t need to be overcomplicated!
@19Rich i think that route is unintended but i may be wrong, anyway it works
I can decrypt, encrypt, sign and verify locally. I am failing to inject. Would someone review my approach? I don’t see what I’m doing wrong.
Type your comment> @davidlightman said:
I can decrypt, encrypt, sign and verify locally. I am failing to inject. Would someone review my approach? I don’t see what I’m doing wrong.
Same here as you, can decrypt original one, encrypt again, post to page and works. When i generate my own payload it doesn’t work … anyone can help me, im stuck for days 