Curling

henjoe · January 29, 2019, 8:13pm

anyone wanna give me a hint on getting root ?

shujinko · January 29, 2019, 11:45pm

Just got user and root on the box. That was fun, but getting the final flag doesn’t feel as satisfying as a root shell. Getting the root flag isn’t as difficult as it seems.

gelosecurity · January 30, 2019, 4:26am

Confused on what to do with the p****_b*** file…any nudges would be appreciated. Can’t read the user.txt

starcraftfreak · January 30, 2019, 5:13am

I got root.txt. Could someone who recieved a shell as root explain how you did it? I didn’t use a root shell to access root.txt.

Cybeernoob · January 30, 2019, 2:40pm

Lost here!! Could someone DM me. Cant read user.txt and have no idea what to do with hex dump p*****.******p

iainpbsec · January 30, 2019, 3:08pm

@Cybeernoob said:
Lost here!! Could someone DM me. Cant read user.txt and have no idea what to do with hex dump p*****.******p

Try displaying the contents of the the p******_****** file to your shell, then - Google!
You need to figure out the file type.

Update: I DM’d you a hint. It’s already mentioned in this forum so I don’t think it’s a spoiler - magic number!

Draughts · January 31, 2019, 4:41am

So me and my friend has been going for the root flag for hours and hours now. We are completely stuck. We have found the I**** file and believe we’ve got something going there, though we can’t seem to wrap our fingers around how to go forward. Is there anyone that could give us a tiny little hint on how to proceed?
Feel free to DM!

valkyrie · January 31, 2019, 5:08am

Shelled and rooted this today. Very fun little CTF box with some good learning experiences mixed in. I saw a lot of people struggling with root shell or difficulty accomplishing it in a nondestructive way. I’m not sure if my method was the intended one or not, but I didn’t have to damage anything in the process. Just takes understanding what’s going on with what is in front of you and doing a bit of a “detour” with basic Linux functions.

tabacci · January 31, 2019, 7:04am

The only problem to get user is c00l h4ckers that instead uploading shell block front page.
But after you upload shell just decode all things.

The way to root is also obviously.
After you see the direct way, do not walk from it and will not waste the time.
Have never seen such trick for root before. Nice and intuitively.

iainpbsec · January 31, 2019, 9:31am

@Draughts said:
So me and my friend has been going for the root flag for hours and hours now. We are completely stuck. We have found the I**** file and believe we’ve got something going there, though we can’t seem to wrap our fingers around how to go forward. Is there anyone that could give us a tiny little hint on how to proceed?
Feel free to DM!

DM incoming

0dinpwn · January 31, 2019, 6:58pm

Need help to get user , can someone pm me ?

testacl · February 1, 2019, 6:52am

Thanks L4mpje - good introductory box.

54pp0r0 · February 1, 2019, 9:47am

I cannot get user, any hints? I scanned all pages with dirb and found directories which can be usefull for file exploits. Also I think the login has something to do with Super User (admin in standard joomla) and Floris. No clue where to login or how to get user, please give me some help to learn. :))

iainpbsec · February 1, 2019, 10:29am

@54pp0r0 said:
I cannot get user, any hints? I scanned all pages with dirb and found directories which can be usefull for file exploits. Also I think the login has something to do with Super User (admin in standard joomla) and Floris. No clue where to login or how to get user, please give me some help to learn. :))

Hint: View Source

54pp0r0 · February 1, 2019, 11:04am

So I got a reverse PHP shell and I see the user.txt file. But it says permission denied, any hint or help how to fix this please

m1chaelsh1 · February 1, 2019, 3:55pm

@54pp0r0 said:
So I got a reverse PHP shell and I see the user.txt file. But it says permission denied, any hint or help how to fix this please

check carefully and you gonna find p*b file , and learn from bandit12 ,the you will get user

54pp0r0 · February 1, 2019, 7:03pm

@m1chaelsh1 said:

@54pp0r0 said:
So I got a reverse PHP shell and I see the user.txt file. But it says permission denied, any hint or help how to fix this please

check carefully and you gonna find p*b file , and learn from bandit12 ,the you will get user

I got the p*b file and decoded it to password.txt. So I got a password but I have no idea what to do with it. Cant log in with SSH, cant use it use sudo root… Help pls

xzen · February 2, 2019, 3:57am

have been working on root for a while now, have found the I**** file but am hitting a wall. just wondering if someone could give a hint on the way forward?

diogper · February 2, 2019, 6:35pm

Just rooted the Box. Althouth it is an “easy” box, I learnt a lot. Congratz to the maker.

R0adRunn3rrr · February 2, 2019, 10:52pm

Sorry guys this is driving me nuts to decode the hex… followed bandit12, get the type of b*2 file it is… etc… when trying to decompress saying invalid etc… am i completely thrown off scent? or am I missing a trick? DMs welcome