Official Awkward Discussion

Official discussion thread for Awkward. Please do not post any spoilers or big hints.

1 Like

Good luck everyone :slight_smile:


EDIT: Turns out that the box has been patched. No rabbit holes anymore I guess.

Rooted. Like last week, this box has a giant rabbithole. Again, I might be missing an alternative path. However, I really doubt that. Looking forward to the writeups I guess.

1 Like

Can not get R** from **k, is this rabbit hole?

1 Like

Not sure what you are talking about. Shoot me a DM.

I think I fell into this rabbit hole that @JacobE mentioned earlier. However, if that’s not it I have no idea what is. Any nudges?

DM me what you tried

A patch has just been released for Awkward.

HINT: There are basically 0 rabbitholes for this machine, everything exists for a reason :wink:

If you’re keen, I’d have another look and see if you can get it the intended way too!

Note: The patch won’t show up until the box has been reset, so ensure you do that first!

1 Like

Great box, intended path was interesting and I learned a lot. Had not done many of those exploits before.

1 Like

Great machine… i liked it a lot… and i was able to learn few things. For anyone stuck feel free to drop me a PM


Stuck at form page anything i try its said blacklist character

That’s a rabbit hole, you don’t need bypass it.

Anybody knows how to exploit the awk command ?

Any help with initial foothold?

You dont’ need.

I spent a few good hours trying to get the last step to work (root). I eventually figured out that the service hangs whenever it has been exploited and it’ll remain like that if we don’t clean up after ourselves. After some waiting and a restart I was finally able to get the root flag, but the service hung again. I’ll be cleaning up after myself, but I’m posting in hopes that the machine creator can figure out a more permanent solution. :slight_smile:
@coopertim13 - PM me if you need more info.

This box has a lot of breadcrumbs to find in order to get access as user. There is something you enumerate quite early on which only becomes relevant once you get user. The escalation on several places gets a bit redundant, but was able to learn a lot from them. Take note of stuff as you go along as they all end up tying back towards the end.

How do you figure out which template is being used to leave the right request?

Any hints on foothold for this machine.

Thanks in advance y’all

A (not easy) medium machine at least for me. :weary: Who said there’s no rabbit hole? Some things supposed to work doesn’t work. Is it because it was patched? :thinking:

FOOTHOLD : don´t be fooled. Login to the web app to see the code somewhere. Read that machine name many times. You have to read files from the box to get the juice.
USER : well, just login and grab flag.
ROOT : ongoing. Something to do with an alert script. Find what is going on in background.