Arkham

check what’s in the original v***e and think what server may be expecting before accepting it
I didn’t get this to work without modifying .j files

There are a lot of payloads you can try but only one of them works. Make sure to try all.

Also any privesc tips?

Ah, makes sense. Thanks.

Got user. Thanks to anyone who helped. Now on to root!

Please help… stuck on elevating by admin (last step)

Got user, would appreciate a pointer in the right direction for privesc.

Rooted. I used the easy way. I’d love to pop a shell. I think I know what to do; I am failing at it. Would someone guide me?

Totally got root… harsh machine!

Rooted.

This box is fantastic. Several interesting concepts involved in a single box. I definitely plan to go back in this box to try alternative ways… :slight_smile:

Many thanks @MinatoTW for this!

Rooted. It was painful but fun.
High quality box.

hashcat currently saying 2 days to crack the b*****.**g with 2xRadeon r290x and Rockyou.txt? is that right? or should this be much quicker, or am i simply overlooking something simpler?

@Ripc0rd said:

hashcat currently saying 2 days to crack the b*****.**g with 2xRadeon r290x and Rockyou.txt? is that right? or should this be much quicker, or am i simply overlooking something simpler?

As @MinatoTW said: “you can intelligently create a “subset” wordlist from rockyou depending on the box.”

You will spend just 4 minutes to crack it after doing that.

@ElTete said:

@Ripc0rd said:

hashcat currently saying 2 days to crack the b*****.**g with 2xRadeon r290x and Rockyou.txt? is that right? or should this be much quicker, or am i simply overlooking something simpler?

As @MinatoTW said: “you can intelligently create a “subset” wordlist from rockyou depending on the box.”

You will spend just 4 minutes to crack it after doing that.

Yup, realised what I should have done once my GPUs cooled down :-/ live and learn…

trying to figure out how to combine the secret thing with the other thing to make it readable now…

Sooo… If anyone wants to throw me a bone on how to decode/decrypt the things I have, that would be great. Tried writing something in Python, but failing miserably.

Am I the only one here who got stuck at generating the right payload for many days?
Or is there something obvious that I am missing?

Ripc0rd, the official doc contains all the algs, but after you decrypt you will need to encrypt, and encryption is not as stable as decryption.

offsecin, you are not alone. I am sure of my encryption code, but the payload did not work the first time. Maybe on the weekend I will attack this box again, but after three hours of writing code last weekend I cannot get back a ping.

@tabacci well said. I need to improve my skills, will keep working on the box.
Wish you good luck.

I extracted the st from the bp file, able to decrypt v*******e value but failing to encrypt it again. I think I gathered everything I need but still no success. Any help would be appreciated.

I had a typo (which cost me like 10 hours), now struggling with the payload.

Able to ping myself POGGERS.

Rooted. I think there are many ways to get root. I didn’t hear or see my solution anywhere, so my suggestion is: keep enumerating, understand everything that you saw and try what you can do with it.

could not wait for the weekend and passed this box tonight.

@offsecin don’t need to improve skills, library works fine and payload generates correctly

@Ripc0rd I used python directly instead of script and the same code miserably started to work

Hint for root: go around the castle)

My, this was a hard box. Medium my ■■■.

User: Don’t bother with cyberchef. Use python.

Root: Enumerate. Powershell. Share.