Fatty

If you stuck with root think about that: how would you update some random file if you can control only specific one?

I got user, but hit a wall on root. Anyone mind chatting about the privesc?

It is necessary to carry out logic by monitoring the server.

I’m lost in the void…
I found & get both programs, and get logged with the new user.
I’ve almost rewrote the client ten times to find my way… but nothing !
I think I know where the weak point is, but I can’t pass through (or I’m in a rabbit hole).
I’m asking for a little push, plz :slight_smile:

@alesc said:

I’m lost in the void…
I found & get both programs, and get logged with the new user.
I’ve almost rewrote the client ten times to find my way… but nothing !
I think I know where the weak point is, but I can’t pass through (or I’m in a rabbit hole).
I’m asking for a little push, plz :slight_smile:

Look for some OWASP Top 10 vulns in the server code, chain multiple to get where you want. It is not a rabbit hole, carefully read server code.

Finally got user.

@su1tan said:
If you stuck with root think about that: how would you update some random file if you can control only specific one?

Would that file be “the other jar” perhaps?

got code exec locally, but don’t know how to do the S**i right to get a*** ro** :T
annoying as hell, but man what a great box! makes me regret i didn’t take the job at your place @qtc, we could’ve been colleagues :stuck_out_tongue:
EDIT: ahh realised where i went wrong! shell here i come :smiley:
super stuck on root again, everyhing i’ve tried failed :T

finally rooted! thanks so much to everyone that helped, i needed that last little detail at the end to get it right
such a great box! great job, qtc!

It’s the beginning of day two in the battle for root.txt. I wonder how many more containers will die today.

Somewhat related: alpine should be more popular outside of docker containers. Persistent root filesystems are bad, and alpine’s packaging system is a nice way to avoid them. I used it as my main desktop OS for a long time.

Got user 2 days ago but very stuck on root now. Every time I think I made some progress I hit a wall and have to start over from square one again.

EDIT: currently I’m looking at c***d but i cant change the P***

Type your comment> @yakamoz147 said:

Got user 2 days ago but very stuck on root now. Every time I think I made some progress I hit a wall and have to start over from square one again.

EDIT: currently I’m looking at c***d but i cant change the P***

I have come to the same conclusion. I think that if you can write it somewhere and restart it, it should work.
But, I’m stuck at where to write :disappointed:
Any hint appreciated :wink:

Type your comment> @zard said:

Type your comment> @red0nyx said:

(Quote)
you need to update the jar file

Shouldn’t be the S****6 recalculated?

Finally got root !
I’ve learned tons of stuff with this box : frustration, sleepless, rage quit, whining…
I’ve lost hours (days? I’m not counting anymore) on lost causes, or trying to brute force useless things.

Thanks for the box @qtc, and a special thanks to @0x41

I am working on root and finding little. I have been watching stuff. I see things happening but… I cannot connect the dots… A nudge would be greatly appreciated!

I’m stuck on the second part for user. Anyone?

Type your comment> @BadRain said:

I’m stuck on the second part for user. Anyone?

Look at owasp top 10 then utilize great tools to generate payload. You need chaining multiple vuln to get success.

Now I need help for root. Always stuck when facing container.

Finally rooted this beast.

What a journey.

Connecting the dots is key.

Cheers!

Still stuck resolving this error.
Exception in thread “AWT-EventQueue-1” org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from class path resource [beans.xml]; nested exception is java.lang.SecurityException: SHA-256 digest error for beans.xml

any tips anyone

Hello everybody. I am doing this box and I am stuk. I was able to connect by FTP and download the files. I read the txt file and I understeand that in order to continue I need to decompilare the .jr file and fix It. It’s not a problem for fix It Because I studied for Little time J**8 but I no have idea how to decompile It… Any suggestions are really welcome and apprecied! Thanks everybody!

Type your comment> @CyberGeek01 said:

Hello everybody. I am doing this box and I am stuk. I was able to connect by FTP and download the files. I read the txt file and I understeand that in order to continue I need to decompilare the .jr file and fix It. It’s not a problem for fix It Because I studied for Little time J**8 but I no have idea how to decompile It… Any suggestions are really welcome and apprecied! Thanks everybody!

jd-gui seems to work fine.

I also used recaf