Craft

NeehackOfficia · July 25, 2019, 12:48am

is the debug a rabbit hole? couldn’t find no RCE or LFI or anything useful

aj8417 · July 25, 2019, 1:49am

Type your comment> @nemen said:

I’m already in https but it doesn’t work. could it be that i have to insert something in resolv.conf?

yup.

pp123 · July 25, 2019, 2:49am

Hi,

■■■!! After suffering for some days on this box, I was able to obtain user.txt. Special thanks to @Kucharskov for the time taken to explain to me few concepts to understand how to proceed with the vulnerability.

From here, I will continue to root, but if someone needs some help please let me know.

PP

EDIT: Got root. After reviewing the hints on the forum.

PP

D4nch3n · July 25, 2019, 4:52am

Rooted. This might be my new favorite box tbh.

A lot of hints are mentioned in this thread already, but I might add this for user: Sometimes backtracking is useful

PM me if you want some tips

Nibodhika · July 25, 2019, 9:23am

Oh boy, this has got to be my favorite box so far, there are lots of steps, but it’s very straightforward and you probably have already found your next step before you know how to use it. In my years as developer I’ve seen how common a lot of these mistakes are, so it feels very real.

User: You should have easily found an issue with the code you have access to, it’s a shame no one hardcodes credentials anymore… but they do reuse passwords.

PS: If you’re having trouble exploiting the code, try it locally. And after you’re in initially don’t overthink (like I did) and start reading on technical exploits to escape your situation, you probably will find quickly what to extract from that experience, you just need to find a way to use that somewhere else.

Root: Your initial enumeration should have shown you something interesting, then it’s just a matter of understanding how to use the tool that you have a way of authenticating to allow you to use that interesting thing.

m0j0r1s1n · July 25, 2019, 10:31am

This root.txt is going to be the death of me. Just saying ( with a desperate cry for help and the whispering sound of defeat creeping in)

Meeryr · July 25, 2019, 1:53pm

Got root. Huge thanks to everyone who helped me. A super enjoyable box even though I had an unusually difficult time catching a reverse shell.

I think there are plenty enough hints already but I’ll add a clarification:

People are mentioning ‘going back to the beginning’ and I was attempting to do this too early (thanks to rev shell issues). You must have a shell that you use to enumerate further. THEN step back

If you are also struggling to get a shell callback shoot me a PM - I’ve probably gone through the same problem.

funkfel · July 25, 2019, 2:56pm

I am stuck at user. I have creds, token and one place to use them. Still stuck.
Asking kindly for help.

tbbt · July 25, 2019, 3:58pm

Woo! Finally got root! Thanks to @Kucharskov and @captainworm for help.

bansheepk · July 25, 2019, 4:28pm

Rooted! It was a good box for an AWAE student

qbob · July 25, 2019, 5:16pm

So much fun!
Hmu for hints.

jimmypw · July 25, 2019, 6:21pm

I enjoyed that. There were several “wtf now” moments and getting the payload to work without any feedback was infuriating.

PM if you need hints.

argot · July 25, 2019, 9:40pm

Well crafted box! Enough clues to lead you around and pays off in the end to read things. Lots of fundamental stuff to learn here for many, but not so tedious to be (overly) frustrating.

GibParadox · July 25, 2019, 11:49pm

Type your comment> @nullorzero said:

I am stuck at user. I have creds, token and one place to use them. Still stuck.
Asking kindly for help.

Same boat. I know where the vuln is, but the obvious exploit doesn’t seem to work.

adelmatrash · July 26, 2019, 12:29am

Type your comment> @extincted said:

Found some creds, and at token. Used the credentials. Need a pointer of what to do. Feels like I am missing something. DM me if you got some spare time

Same situation here, can someone DM? Thanks in advance.

calebreseau · July 26, 2019, 2:04am

Hi, I found creds and so token, successfully added elements to the dB via b**w, but I have no clue what to do next to get to the system.
Could someone give me a little hint, like on what should I focus on?
of course I don’t wanna be spoiled, I want to learn by myself

dreamcast · July 26, 2019, 7:16am

Can someone please PM me about the syntax for a shell. I’m getting some really weird responses back and can’t seem to connect.

adelmatrash · July 26, 2019, 10:06am

Finally I understand what I have to do and can continue. User hint: EVALuate the code.
Edit: got root shell, looking for user and root hashs. (is a jail)
Edit 2: got user, now fight to get root.

sh4rk · July 26, 2019, 10:56am

i’m root but where is the hash? ahaha

killinem · July 26, 2019, 11:06am

Hi anyone! I have a shl in the dr coner, found db c**s, but no idea how to move forward:( Please, give me a little nudge to the right direction via PM:(

Topic		Replies	Views
Official Flight Discussion Machines	70	5550	May 7, 2023
Ellingson Machines	435	59863	October 17, 2019
Control Machines	293	45845	April 25, 2020
LaCasaDePapel Machines	696	109732	November 8, 2019
Official Carpediem Discussion Machines	37	4111	November 13, 2022

Craft

Related topics