Official Blunder Discussion

I got root!
Here are my hints:

  • foothold: take note of all you read in the blog page
  • user: get hash into sites folders
  • root: I don’t know if it is the right track. I just simply jumped from user1 to root without passing through user2 with just a single command.

PM me if you need some more hints.

ohh gosh, please stop rebooting the box -_-"

except the foothold part, everything was nice :smiley:

Hey guys, I have rooted this box. I’m trying to do the foothold manually rather than use already available scripts. I’m using python to do this and wanted to know if anyone is willing to give me a nudge in the code. I just can’t seem to get rid of some errors.

To those who are still doing the box, be patient. Everything you need is right in front of you :wink:

PM me if you are willing to help with the code or just need a nudge for the box.

@gluonsrgreat said:

Got Root.

The foothold for this box was just kinda stupid. Maybe it’s just me and my general distaste for CTFy machines but after I got the initial foothold I was pretty disappointed. The “first part” is fine. However the way to get the “second part” for the initial exploit seemed more of a way to slow down the progress of rooting the box rather than trying to give an example of or teach anyone a concept. Maybe I’m being too harsh about it but it just seemed kinda uninspired on the creator’s part.

That all being said I actually did like this box after the foothold, user gave you a potential dead end and made you look somewhere else, which I personally like to see. Root took me 2 minutes, but it’s an easy box so I have no complaints. If it were not for the foothold, this box would be great for someone who was just learning, because of the general enum concepts.

tl;dr
foothold bad, rest of box good

there are plenty of hints on the forum, but if you need additional help, send me a pm with what you tried so far and I will do my best to help.

props to @gotroot for the foothold nudge

Hey, sorry about your disappointment at initial foothold. But at least we learned one unique technique, right?
I too wasted some time on that part, but afterwards I liked it. :wink:

I kind of liked Blunder. It was an enjoyable easy box.

While I get that everyone’s ideas vary, I really don’t see this as being a “CTF” box in the sense that super-unrealistic elements were needed or lots of guesswork.

The flow is pretty much: enumerate, find stuff, use stuff, enumerate, find stuff, use stuff. It’s a lot faster if you read the docs for the platform but that’s pretty much true of everything.

ROOTED!

Nice box, the first part is definitely harder than the privesc but I think it is a very good machine if you want to learn something.

Foothold: the hard part! Gathering information from a website is not CTF-ish… it is a real-life and useful technique! Then to exploit the “thing” there are at least three methods: MeS****t, BuS**** or writing your own script. I start with the first one (the easiest) then reproduce it with the second tool and now I’m trying to write a simple Python script to automate the procedure.

User: who/what are you looking for? Well just search for it!

Root: Very easy, it’s impossible to drop hints without spoiling so just do your basic enumeration.

Feel free to PM if you need help!

achille

Ok this is doing my head in.

I have managed to login to the web app and from there use both M********* as well as a python PoC to gain a shell on the box.

I can see the users on the box but for whatever reason I can not seem to go from the w******a user to the user **** to get the user.txt flag.

Would someone mind pointing me in the right direction? I’ve read the thread and know I am likely not enumerating enough, but I think I’m over thinking this WAY too much.

Many thanks.

@battletux said:

Ok this is doing my head in.

I have managed to login to the web app and from there use both M********* as well as a python PoC to gain a shell on the box.

I can see the users on the box but for whatever reason I can not seem to go from the w******a user to the user **** to get the user.txt flag.

Would someone mind pointing me in the right direction? I’ve read the thread and know I am likely not enumerating enough, but I think I’m over thinking this WAY too much.

Many thanks.

Google the application and see if you can find its file structure. If you look at that, there is a file which stands out as being a likely place for user information.

Look in that.

Rooted, thanks @egotisticalSW for this fun box.
Managed to get a “not so simple” foothold alone! Great achievement for me!
Some rabbit holes that made me lose time but that is also a thing to learn in real life or in OSCP preparation.
PM for nudge if needed.

@TazWake said:

Google the application and see if you can find its file structure. If you look at that, there is a file which stands out as being a likely place for user information.

Look in that.

Thanks @TazWake. I was wandering around and found that file, but was stuck on the st that was used. I didn’t look for the n*w i***l! Thanks for that, I now have user.

If anyone is stuck can ask me for hint.

Finally got root. Missed a simple step which meant when I first tried the priv esc it didn’t work. Muppet.

Awesome non ctf like box! The PWK course is full of these. Great practice, great for newer ppl. Hats off to @egotisticalSW for creating this box! Just one thing I noticed, part of hacking is cleanup, leaving no trace. I saw a lot of users leaving old files around. Please clean up after yourself or reset the box if you don’t know the process yet.

Please don’t change the password to the foothold portal…

Stuck on root… got the user flag. I know people say “Basic Enum and google” but anyone got pointers on the “Basic enum” part (noob here)? I did some Googling off versions etc. of things I’m finding but I’m not seeing a lot. I saw @TazWake mention a CVE released late last year but having trouble coming up with anything …

Rooted the box, the foothold was more medium imo. User and root are very easy. You can always PM for small nudge if you get stuck :smile:

@wittr said:

Please don’t change the password to the foothold portal…

Stuck on root… got the user flag. I know people say “Basic Enum and google” but anyone got pointers on the “Basic enum” part (noob here)? I did some Googling off versions etc. of things I’m finding but I’m not seeing a lot. I saw @TazWake mention a CVE released late last year but having trouble coming up with anything …

When you find it, you will understand why it is nearly impossible to say anything here which won’t be a spoiler.

Concentrate on finding out what rights/privileges your user account has.

@TazWake said:

When you find it, you will understand why it is nearly impossible to say anything here which won’t be a spoiler.

Concentrate on finding out what rights/privileges your user account has.

Got it! Rooted.

I was going down that path but got an error when attempting enum, didn’t happen to google the error at the time (doh). On the plus side I learned how to upgrade a shell to fully tty during this process…
Thanks @TazWake @LewEl for nudges.

@wittr said:

On the plus side I learned how to upgrade a shell to fully tty during this process…

Nice work! All learning is good and that is a genuinely useful step in most boxes here.

Rooted…
My first box that did not have step by step instructions. Lots of learning and a couple of hints. Great experience. Thanks