Does anyone have a hint of what to do once I’ve got user on g*** server? I’ve been enumerating but theres nothing that really stands out…
Hint User: Try upload usefull file.
Hint Root: Scripting is good way.
This machine must give a badge and 10 points more.
Change my Mind.
anyone hint me on how to proceed please … have root on last part (git), found those sources, looked info on them, found some m*** credz, but other than that im lost (cant even find that m***), oh boy this one is loooooong, definetly CTF for 100 points 
Struggling to pivot here. My scans are showing only one other box out there with a single service? Had a good hunt for logs and configs locally, and have some strong candidates for box names and what they might be hosting, but can’t find anything. I feel like it must be obvious, as no-one else seems to have come a cropper here!
Any non-spoilery nudges welcomed.
Type your comment> @smallgods said:
Struggling to pivot here. My scans are showing only one other box out there with a single service? Had a good hunt for logs and configs locally, and have some strong candidates for box names and what they might be hosting, but can’t find anything. I feel like it must be obvious, as no-one else seems to have come a cropper here!
Any non-spoilery nudges welcomed.
Try pivoting to that box and see what you find.
@Phase said:
Try pivoting to that box and see what you find.
I did give that a go with no joy, but maybe I messed something obvious up. I’ll go back and re-focus on that again, cheers.
Edit:
Sorted! Many thanks to several people for the help and guidance, with a special shout-out to @Phase
One ■■■■ of a box. Felt a little too harsh and long for root at times, but on the other hand I learnt a LOT from it, so maybe it all balances out. Kudos to the creators
Type your comment> @smallgods said:
@Phase said:
Try pivoting to that box and see what you find.
I did give that a go with no joy, but maybe I messed something obvious up. I’ll go back and re-focus on that again, cheers.
I would look at the NIC’s on the box you pivoted to. That can give you a clue of where to scan next.
Finally rooted and enjoyed the journey. Thanks to all for nudges along the way. The ending is the best!
Spoiler Removed
This box kicked my ■■■. For four days straight trying to understand how to get root. Thank you to @m4xp0wer and everyone else with the tips and blogs.
And this clip highlights my frustration and its also a helpful tip!
root@Aogiri:~#
You know what? I still can’t find root.txt. Any idea?
Edit:
Wow. It was a very long journey. You will encounter with bunch of rabbit holes and trolls. IMO, very last step for getting the root.txt was cool and it was pretty educational for me. However, root process was CTFish.
Also, many thanks to @johnnyz187.
Thought I got all the way there and then got trolled. Giving this box a break (permanently, lol). User was “ok”. Don’t plan on rooting, though. Not worth it.
Where to find passphrase for ssh key ? the hash in se***.php doesn’t work .
do i need to decrypt shadow ?
EDIT: for passphrase , ce*l will help a lot
problem with port 3000 gogs not working ?
This box got a lot of hate, but no joke I think I had the time of my life rooting this one. Took a while, and yeah maybe rooting was considerably more difficult than getting user, but what a ride. So many rabbit holes!
Learned a whole lot, and any time I root a box and I learn something new I consider that a win. Thanks Minato and egre55!
Thanks mate @agr0
g*** server down?
Edit: Enum the network and Directories!
Edit2: Omaigod, rooted after 2 weeks! Would be months if it weren’t for the immense help given by @Alienware @TSB @cyberus
To newcomers: Get on the box, you’ll learn PLENTY!
Hint for user: File Upload Vulnerability + Think Harder, what other services can you exploit with that
Hint for root: Enumerate…seriously hard, everything is stashed EVERYWHERE, files, hidden files, network, the whole system and network, ssh and git fu is very useful 
Can DM if you guys need directions
Note for the creator @MinatoTW, @egre55: Amazing Box, learnt alot of new techniques even when it wasnt the right path! Seriously Loved it although i felt like dying at times @.@, Thanks again!
can anyone PM me a hint on what to do when g*** box is rooted? found additional creds, enumerated whole box, but can’t figure out what the next step is
EDIT:
Hint: you need to look deeper in what you already found…
…feel so stupid that I couldn’t figure out phrase for kaneki for a week when it was just in front of me Was just looking thru all possible info i had and boom - here it is! But how in the world i didn’t see that before…
i uploaded ,i got root,i moved to kaneki-** ,i found the Go** and i stuck for a while.
pealse i need hint to find creds.
or i have to escalate in kaneki-** ?