Official Armageddon Discussion

Finally got the user, a little hint with my*** : put an “exit;” after any request and you see the output.

Rooted thanks to small help i needed from @alemusix

User: after having a small foothold, just brute force.
Root: The best tip i can give you - ignore errors, sometimes they dont represent whether you succed/failed run your payload.

can anyone help me with root?

Why am not able to authenticate to ssh ssh@brucethe****@10.10.10.233 -p 22
connection closed by remote host AM TIRED TRYING TO SOLVE THIS …
i even asked my friend the ssh autentication worked for him except me …

@SackOfHacks said:
Rooted this machine.

Hints:
Initial foothold: enumerate the web app and use google
Getting a ssh session: find a user and keep asking access…
Root: ask what you are allowed to do and use that to your advantage

All in all a fun box, a little different than the usual and definitely one of the more real-life ones out there. Thanks to the creator!

am not able to get ssh session it says connection closed by remote host …
ssh brucethe************@10.10.10.233 -p 22
Connection closed by 10.10.10.233 port 22

Got root, root was damn easy, did a lot of overthinking for user though.

id

uid=0(root) gid=0(root) groups=0(root)

:slight_smile:

Overall, kinda a “meh” box in my opinion and closer to a medium, especially given the limitations in getting the initial foothold (if you got a revshell you’ll understand what I mean).

User

Enumerate what is running + do some googling and you shouldn’t have any trouble with RCE. Persistance may be troublesome, but try to “flow in” in areas of least resistance. Getting user.txt will take some additional enumeration/exploitation.

Root

This is what took me the most time, and ended up being the most annoying. From ~5 minutes after user it’ll be clear what the vector is, but accurately weaponizing it is tedious and annoying. Easy to overthink, but once you know what you’re doing don’t overdo it. Google is also your friend here.

Feel free to PM if you need a nudge.

Just Finished the Box. Send a message if you nedd hints! :slight_smile:

I’m stuck at a****e user, tried all my best with getting the db and I just couldn’t get it, kindly if anyone can DM me for a solution…

EDIT: Never mind, I found the solution.

Now i know how to build s*** pkg

I’m working on root now.
I know what Ubuntu specific tool i need to use, but i got 401 error.
Any hint?

EDIT: I’m root. I didn’t need to use this whole dirty thing.

finished the machine, If anyone need help, just pm me.

Got user. The very last step should be fast once you know what you’re working with and can configure your tool (a few seconds). If you’re having issues working with m*s** on the box, pack everything in a suitcase and take it outside.

…Got root. After getting user, simply check what “bigguy” things you can do with that user.

Beyond that point it went fast but I have to go back to understand s*** out of curiosity. For the exploit itself, there’s a certain popular source for…breaking out of stuff…that covers all the steps, though I had to change the payload slightly.

Feel free to PM for hints.

Sometimes my curse of overthinking kills me. Got the root flag

I’m in as b*****eaan, have done some basic enum to see that there’s a n exploit with the v2 already in the home dir. Running the v2 exploit fails for me with a 401 error. Looking on Google it and reading on here you can craft your own… I tried this in Kali but it failed and people have said to use a different environment… I really don’t want to install a new VM just for one machine…

Anybody that’s not installed a new VM for this box able to help/DM?

thanks!

Type your comment> @rancilio said:

I’m in as b*****eaan, have done some basic enum to see that there’s a n exploit with the v2 already in the home dir.

Eeeeh, unless I was blind when I did the box, I assume someone left his tools on the box and that folder shouldn’t be there. In any case, I think you can build the necessary package on many distros, including kali.

currently on as the a***** and found the ml directory but stuck on how to get into it. I found the b*********** but not sure where else to look. nudges?

I got user flag. Working on this s*** and s**** thing and slowly going crazy

rooted, it is an easy box.

Type your comment> @devilray said:

currently on as the a***** and found the ml directory but stuck on how to get into it. I found the b*********** but not sure where else to look. nudges?

everything you need is where you landed.
just look at the file’s.
find the creds for your next step.

no need to go outside www, i did and found some things but they where also in the www.

Type your comment> @djbrains said:

Type your comment> @devilray said:

currently on as the a***** and found the ml directory but stuck on how to get into it. I found the b*********** but not sure where else to look. nudges?

everything you need is where you landed.
just look at the file’s.
find the creds for your next step.

no need to go outside www, i did and found some things but they where also in the www.

I was able to find what I needed and got user flag. Thank you!