What a ride!!. For rooting this machine, one needs to acquire root on four machines. Thanks everyone for providing helpful hints in forum . Special thanks to @Leonishan @0xskywalker for helping me a various steps
could someone please help me with root for ghoul???
This box seemed unnecessarily complex for root.
There was way too much stuff to enumerate, way too many users/files/network configs to keep up with for a single box. This almost seemed like a Fortress challenge to me. Honestly, it would have been better in that format where there are several flags scattered around on the different machines with hints in the title of each flag to vaguely hint in the next direction.
I got the user flag like 2 weeks before getting root on this box. If it wasn’t for @pepelu patiently guiding me past the roadblocks, I would have given up long ago.
Same here, where is the root.txt file. I have the 3 set of credentials and I’m at root on the last container where se**.sh is located, but can’t seem to figure out the location of the file
If you are trying to crack ssh passphrase dont waste your time with rockyou or any other large wordlist - use custom (maybe cewl’ed) wordlist.
Type your comment> @Anyway said:
Same here, where is the root.txt file. I have the 3 set of credentials and I’m at root on the last container where se**.sh is located, but can’t seem to figure out the location of the file
There were friends youtube video. And if watched it you should know that the sofa went back to the store where he bought it…
please stop reseting the machine !!! please
Type your comment> @bL4ckWoRk said:
please stop reseting the machine !!! please
Resets are not needed.
Whoever is doing this to make exploit work just change repo name inside python file (there are plenty of comments) and use--c****upkey. It’s just can’t create the same repo that’s why it stops working
So I’ve been busy on this machine, enumerated, enumerated and enumerated some more. All I’ve got to show for it are some pages, a load of usernames and one pair of credentials for l**in, which seems to be a dead end to me. It’s my first post here, and don’t want to spoil too much details, butreally hitting a wall here, is there anyone that could give a push in the right direction? Apparently there’s this upload page that everyone’s talking about?
Any hing about escaping **-pc? I found new web server and potential username in to-do, but dont know password.
EDIT: If you struggling with gogs password - take a step back, and from your first docker enumerate common places where something stores credentials, even if it is not related to anything what you thing will help you move on.
Type your comment> @CyberMnemosyne said:
Finished - but only through massive amounts of help from @phase, @badbit and @leonishan.
Too long, too many trolls, too many random guesses and then a final, you only have 30 seconds to complete this last pivot thing.
As interesting as some of the exploits were, they could have been split into different challenges .
This is the movie you skip and wait until it comes out on video.
Your movie analogy is the most accurate description of this box I think I’ve seen. Went to see it (do it), was kinda pissed I spent “money” (time…) on it, and now wishing I’d just waited for it to come out on video (retire) instead…
Oh well ?♂️
Finally …find the root flag … Its very nice machine and at somepoints its irritating me … But overall good machine !
Need some help in root of ghoul I think I have the gained the max. foothold and I’m at the last stage of it
Well, finally rooted.
The foothold for user was by no means a stretch of the imagination.
Root on the other hand… Jesus Christ. I honestly can’t possibly recommend this box to anyone. If you have multiple days to simply set aside and dedicate solely to this box and this box alone, go right ahead and try it. Otherwise, don’t even bother. I managed user on this machine in about 2 hours, and that was almost 2 months ago. I just got root last night after an on-and-off 2 month long battle. Granted, I took multiple breaks from this (because I had to, honestly), but root took so ■■■■ long regardless…
Best of luck to anyone else working on root for this one… It’s a ■■■■■■■■ doozy.
rooted, we should have a badge after root this machine.
i want my badge !!!
THIS BOX GOES ON FOREVER!
Edit: rooted
This box was waaaay too long. I’ve been at it over a week and even with some pretty substantial tips there were times where it just seemed there was no way forward. It’s not hard, its just annoying,. That said this box really challenges your ability to think creatively with what is possible when your usual tools are several hops away. The box gets far more interesting the deeper in you get.
That’s a nice compliment! Thanks for trying out the box and yes , we’ll try not to make a path so tedious from the next time.
Really struggling to get past /us/l*.h at the moment. I’ve enumerated pretty hard and seen a bunch of hints I’ll be damned if I can guess my way in. Did some wordlist building with cewl and let hydra run at it for a while.
I’m currently going back over enumeration and seeing what else I can dig up. Would appreciate a bit of a tip here though - is there anyone I can pm abou this?
Type your comment> @smidgey said:
Really struggling to get past /us/l*.h at the moment. I’ve enumerated pretty hard and seen a bunch of hints I’ll be damned if I can guess my way in. Did some wordlist building with cewl and let hydra run at it for a while.
You should see with further options go to higher port and do more enumerations its easier then u think try wht u always try (big hint there ) once ure there u will see through it
My journey is not finished yet it felt awesome getting the user with all the pain that i have been through from the beginning till now i would say its unfortune that this box is only 40 pts the road to root seems exhausting big thanks to @MinatoTW you made great work there i have learned alot untill now thank you