i get cred of user dinesh and i’m able to add brew to db
what’s next ?
any help for error at loading key invalid format ??
Rooted. Really enjoyable machine that had me stuck in a few places. PM me for nudges 
Type your comment> @voidhofer said:
I am stuck at the jail. Already got the credentials, all three of them, but I have no idea where to use them. Already tried SSH and looking through their gogs repos, but nothing worked. Can Someone please give me a hint?
I thought you were really in the can cuz your avatar almost looks lke a mugshot 
Can anyone plz tell me why i cant seem to access the api or gog pages? They are returning as Server not found… Ive edit my /etc/host/ file to reflect both name resolves but still nada, im at a bit of a loss. Can anyone help me on this?
Can anyone plz tell me why i cant seem to access the api or gog pages? They are returning as Server not found… Ive edit my /etc/host/ file to reflect both name resolves but still nada, im at a bit of a loss. Can anyone help me on this?
I had to restart my browser after adding updating my hosts file.
Type your comment> @toroflux said:
Can anyone plz tell me why i cant seem to access the api or gog pages? They are returning as Server not found… Ive edit my /etc/host/ file to reflect both name resolves but still nada, im at a bit of a loss. Can anyone help me on this?
I had to restart my browser after adding updating my hosts file.
thanks chief didnt even think to do that, thanks for the reminder
Finally rooted!
This has been my favorite box so far. Love the Silicon Valley theme.
Pretty much all the hints have been given. This box is really about enumeration more than anything else and has a very logical progression. Everything you need is on Gogs. Follow the breadcrumbs, RTFM, and you should have root in no time.
This is not a hard box per se, just a lot of information and clues to gather- you just need to read EVERYTHING carefully.
Spoiler Removed
Ok. I am going crazy here and might be missing something obvious.
I am running a** on b****** and see the c****-d* target. I originally thought I should tunnel from b****** to m****, but I don’t think that port is exposed.
So I managed to run S** via f**** sh***. I need a nudge now that I’m using p***** to look at m****
I guess my one question is. Should I have setup a tunnel through b****** or is that not necessary?
edit: nevermind. As soon as I posted this I found some extra credential. Rubber ducky method I guess
I found d****h user and I’m able to log in to brew. I can add the auth token header to POST data to brew db but I have no clue what to do next, how to generate RCE.
@halisha said:
I found d****h user and I’m able to log in to brew. I can add the auth token header to POST data to brew db but I have no clue what to do next, how to generate RCE.
Make sure you look through EVERYTHING. No fancy shell script required, just eyeballs.
You can get to it from the very first page you visit.
is the https laggy by default or something wrong with the box? it doesnt even load
Type your comment> @Salts said:
@halisha said:
I found d****h user and I’m able to log in to brew. I can add the auth token header to POST data to brew db but I have no clue what to do next, how to generate RCE.Make sure you look through EVERYTHING. No fancy shell script required, just eyeballs.
You can get to it from the very first page you visit.
Thanks. I have escalated, I’m stuck at sending payload, managed to get ping but no way to get shell.
Can someone pm me and give me some guidance on getting shell? I tried a lot of stuff and I kinda understood how it works and what I should done but Im stuck due to linux knowledge.
Rooted! By far the best box I’ve had the pleasure of doing.
It took me grueling hours to get user. (Part of it was I never encountered b****** before!!) It took less than 30 minutes after that to get root however!
I managed to almost ‘escape’ the jail, found the Socks Socks Helen keys but at the prompt it still asks me for a password.
I dumped all the database, found creds for other 2 users than d****h but only 1 of the credentials worked.
Also found out the Se***t.
I feel like I’m missing something.
Edit: I was not calling SSH properly, was first time I was logging in with private/public key linux.
Edit2: Got user and root. Feel free to pm me for help. I reply faster on telegram.
Would someone be able to point me to some good reading resources / provide a hint?
Got some credentials, am able to generate a token, know of a specific function that can be abused… but how…
*update - thanks for the people giving a nudge. finally cracked this box… definitely related to what kind of command you are using to get rce and the formatting of it…
Hi, newbie here. Currently stuck at the s** part. Was able to obtain info on all the alcoholic beverages listed in the db, but can’t seem to do so for the db’s first few entries. Is s**'s UNI** involved by any chance? Any advice would be most welcome. ><
Edit: nvm, found what i was looking for. Had been using the same fet** func when I was looking at the tab**s.
Edit: rooted. 'twas fun :3
Hello,
I have managed to get a reverse shell and it seems that i am a root user. However, i am unable to locate any of the proof files. Could anyone nudge me in the right direction or help to provide documentation where i could read about this instance? Thank you
Finally Rooted. Nice box! I learned a lot from this box.
Here’re my hints:
Init hole:
- Read the code carefully, especially some logs, and you’ll find the EVIL hole and the keys.
- Utilize the keys and you’ll jump into the jail. (If one payload fails, try harder, try other payloads)
- In jail, find the missing file, modify some other scripts to leak others’ keys.
User:
- Use the keys and login, read others’ secret codes and configurations. (IMPORTANT!!!)
- Open the door~~~
Root:
- Google the tool’s instruction. Less than 10mins you’ll make the root dance.
I’d like to say, we may ALL make the same mistakes which the box has in our real life and I experienced the same one that my college made.