Curling

@Center said:
Can anyone give me a hint as to why I see the magic bytes, Google them, end up with a program B***, use it and then get the error that B*** can’t do it’s magic?

You probably did not bring the file into the needed format. I guess if you use file $FILE it should give you the correct filetype unless it is not formatted/converted correct

rooted the box! really interesting attack and not something i have come across before, I wasn’t able to get a reverse shell for root if anyone has id be really interested in finding out how they did it! let me know if you need help and ill gladly assist!

Really a fun Box, thank you @L4mpje !

A few hints:

  1. If you are using a common tool to create passwordlists based on web content, you still have to modify the list with common rule sets. And in the first place it is not the intended way and you are overcomplicating things, just have a closer (manual) look at the things in front of you.

  2. If you try to get a shell remember you are blocking other people from using this machine if you change common used files. Btw you can also create a NEW file.

  3. For privesc. Write a bash script to see what is going on. Then it should be easy.

Anyone who feels like helping me out with P*******_B****, ive managed to convert it both through plaintext and converting the hex but the tool i try to use says the file is corrupted.

@stigxenon said:
Anyone who feels like helping me out with P*******_B****, ive managed to convert it both through plaintext and converting the hex but the tool i try to use says the file is corrupted.

Then you haven’t converted it properly. There are more than two steps needed to read this file. The file signature matters. (Magic bytes / Magic numbers etc)

Got the shadow file of the machine with the root hash in it. Is it worth it to hashcat the hash of root, or is there a faster way?
Edit: nvm I am stupid. Got root.

I’ve been having a hard time triggering the c*** process, which is supposed to execute what is inside the i***t file.

as far as I know, it should be executed automatically - right?

@joesch said:
as far as I know, it should be executed automatically - right?

If you run ls with -al` every minute or two you can see the timestamps change and, if anything else has changed, you can see the variations.

@TazWake thanks for your reply - just PM’d you

I got root :slight_smile:
May be it’s a unintended way any one want to share some thoughts??
PMs are welcome

Hey Guys,

Total noob here. i am not able to figure out how to get to the user. found the ad*********** page, tried defaults, found F*****, and then found s******xt … but i have no idea as to where to go from here :confused: can anyone help me here !!!

Hi, anyone want to PM me and hint privesc?

@vejt said:
Hi, anyone want to PM me and hint privesc?

Enumerate the folder you have found yourself in as user and fully read the man pages for the tool the box hints at.

Hi guys, this is my second hack attempt ever and sofar I have gotten the root.txt, but I am kinda lost when it comes to using c*** and i am clueless on getting an actual root shell. bruteforcing the shadow file didnt seem like the way to go. Can anybody give me a hint what do to with the c*** instead of just reading files?

got the secret, got reverse shell, download backup… can anyone PM with hint? completely stuck…

Hi every one, could someone help me on this machine, i got password_backup but dont know what to do with it

Finaly i found out how to extract the password

Really stuck on privesc. Can someone PM me some help please? I know I’m overlooking something simple but I just can’t think what.

I Get Root + User Also
But Still Not Know
What Did I Do Woth That Pas***_bac** File

For getting root i used c program with help of metasploit { alternative way }

But what i do with That Password backup file

I wanted to learn how to decrypt that

@Amzker - check your pms