Official Ambassador Discussion

Rooted! Path to user relatively easy.
Priv esc to root had my head spinning. Used an automated method which I didn’t think would work so I guess I got lucky. Feel free to DM for help.

For those who get stuck on root, here are some hints that may help you:

- Look for the .git folder and search Google for what it is and how you can extract history from it
- Show the commits in git log and look closely at the output (you can tell what kind of application has been used, ‘Consul’, and read the red lines; they contain helpful info, a ‘Token’ you are gonna use for the exploit)
- If you use linpeas, look for the ports used locally; you will find something that you can use for RCE
- Search for Consul RCE (you may find an exploit script on GitHub)

rooted:
Hey guys, is it like user.txt content changes?

See, when I initially got user I added the flag and it got accepted. After getting a root shell, I opened user.txt and the flag was entirely different. I tried to add it and it said the user flag is already added.

Fun box with enumerating and research, enjoyed particularly the privilege escalation. Had trouble getting a certain leak tool to work tho

Struggling with go on decrypting the AES. I get “no required module provides package golang.org/x/crypto/pbkdf2: go.mod file not found in current directory or any parent directory”

Anyone come across this problem? Can’t find any solutions online.

Just rooted. Very fun box. Challenging but not frustrating.

Foothold: There’s an interesting service running over HTTP on the box besides the one on port 80. What’s the version running? Are there any exploits for this? Try to leak some info. There’s some juicy loot to be had.

User: Look in all the places, not just the obvious one. Don’t forget what you found on the initial nmap scan.

Root: This one kind of kicked my behind. This is a development box. Oftentimes early in a project, devs leave certain credentials hard-coded in their projects. Like @ama2 said, find out how to examine the history from a .git file. Look at all the different changes that have happened over the project’s life.

From here, there’s some interesting ports only open locally. Look into the service running on them.

Feel free to DM me if you have questions!
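
The hints above rest on one fact: a credential deleted in a later commit is still readable in the repository history. Seen from the repository owner's side, this added example (not part of any post in the thread) scans `git log -p` text for secret-like values on both added and removed lines. The sample log, token value, file name and regex are constructed assumptions.

```python
import re

# Constructed, trimmed `git log -p` output (not taken from the box).
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
diff --git a/deploy.sh b/deploy.sh
--- a/deploy.sh
+++ b/deploy.sh
@@ -1 +1 @@
-consul kv put -token EXAMPLE-TOKEN-0000 app/db/password "$DB_PASS"
+consul kv put app/db/password "$DB_PASS"
commit 1111111111111111111111111111111111111111
diff --git a/deploy.sh b/deploy.sh
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1 @@
+consul kv put -token EXAMPLE-TOKEN-0000 app/db/password "$DB_PASS"
"""

# Keyword, then "=", ":" or whitespace, then a literal value of 8+ chars;
# values starting with "$" are variable references and are skipped.
SECRET_RE = re.compile(
    r"(?i)(?:token|secret|passw(?:or)?d|api[_-]?key)[\"']?"
    r"(?:\s*[=:]\s*|\s+)[\"']?(?!\$)([^\s\"']{8,})")

def find_history_secrets(log_text):
    """Return (short commit, file, 'added'|'removed', value) per flagged diff line."""
    findings, commit, path, in_hunk = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith(("commit ", "diff --git ")):
            in_hunk = False  # headers follow; hunk content has ended
            if line.startswith("commit "):
                commit = line.split()[1][:7]
        elif not in_hunk and line.startswith("+++ b/"):
            path = line[6:]
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line.startswith(("+", "-")):
            match = SECRET_RE.search(line[1:])
            if match:
                change = "added" if line[0] == "+" else "removed"
                findings.append((commit, path, change, match.group(1)))
    return findings

def values_to_rotate(findings):
    """A removal commit does not un-publish a value: every flagged value counts."""
    return sorted({value for _, _, _, value in findings})
```

Feed it the output of `git log -p --all` from your own repository; anything it reports should be rotated, since deleting the line in a new commit leaves the old diff intact.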