Official Ambassador Discussion

Great Box, on the easier side for medium, nearly rabbit holed myself for a while though.

User: basic enum, some research, obtain a database file, look in tables other than the usual one…
Root: little confusing if you have never seen this software before but look for a .git dir and read up on some documentation/exploits and you should be good.


If anyone knows how to root manually, please PM me. Spent several hours trying to figure it out.

Just rooted, box was a lot of fun the whole way through. Was really nice to see a Hugo site on a box too, my personal fav static site gen.

Hi! Any hints on the priv esc please? I feel I’m really close :smiley:

You want to make sure things are HEALTHy. be sure to CHECK if they are. A running service should be willing to do it for you.

some one got the root with con**l i need some help here


How to fix (trying to connect to mysql)? Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/ cannot open shared object file: No such file or directory

UPD: fixed by using docker mysql (dk why kali mysql not work)

Rooted. Not a medium box, more like easy.
PM me if you need a nudge

How to find the grafana username and password?
I did not find in the python file

I can’t log into the mysql server even though I got the password for it. (I copy pasted the password)

Same as you, got gr**** username and d****** password but I have access denied when trying to access. Did you solve that ?

Do not miss the ‘!’ when copy pasting

already solved; I misspelled the username :slight_smile:

How did you do to submit the flag ? Does not work on my side

I’d say keep looking in databases and its tables that may have an another password in mysql server

also if you’re still stuck on access denied, here’s a hint: there is one f in the username.

Did you resolve this ? I have the same issue with user.txt and root.txt flags

Am I the only one that has error message when submitting flags ?

1 Like

Facing the same issue here with both user.txt and root.txt.
Should we be calculating any specific hash or just paste the value directly?