Official Breadcrumbs Discussion

Hi guys! I’m stuck on the foothold part. I even tried to bruteforce the key of that token, but probably it’s not the right path. Any clue on that ?

EDIT: found a way :D. Always the same error, not enumerating enough and\or making wrong assumptions.

Howdy. Can someone DM me a hint. I’ve been able to enumerate users, create users, and i’ve used burp to intercept requests but I can’t seem move forward. DM hints would be appreciated. Thanks!

Type your comment> @minsidajedi said:

Howdy. Can someone DM me a hint. I’ve been able to enumerate users, create users, and i’ve used burp to intercept requests but I can’t seem move forward. DM hints would be appreciated. Thanks!

If you have some usernames, try to imitate one of them.

Type your comment> @h4shcr4ck said:

Type your comment> @minsidajedi said:

Howdy. Can someone DM me a hint. I’ve been able to enumerate users, create users, and i’ve used burp to intercept requests but I can’t seem move forward. DM hints would be appreciated. Thanks!

If you have some usernames, try to imitate one of them.

Hints. I’ve tried messing with the response but not sure how to get the right “answer”. PM me please so no spoilers released.

I’m running out of ideas on this.

I have the Kr*****_***** file and have accessed that 1234 service and gotten what looks to be either an encryption key or an aes encrypted string. (I’m Assuming it’s an enc string)

I don’t have the master key the program asks for. I’m assuming I’ve overlooked it somewhere. Reversing the elf does not appear to produce it.

Probably there’s some windowsfu that I’m not aware of.
Perhaps my enumeration is not up to snuff.

EDIT. got it a few minutes after I wrote that.

What a box. great stuff. hats off to @helich0pper the devious b@5t@rd :wink:

What I would really like to discuss with someone who rooted this was what method did you use to decrypt the final password. I keep seeing people mentioning modes, etc. I ended up using an online tool because it seemed like my regular hasher was not going to do the job.
I’m sure something like this could be made quickly in python or something but I’m wondering if there was a native/other tool in kali that i should know about.

Finally rooted. What a ride! This was my first hard machine, I learned a lot.

Foothold: Need to familiarize with the term “Breadcrumbs”. Enumeration is vital, you’ll understand piece by piece what you have in front and eventually you will gather all infos that you’ll need to go further.

User: Basic enumeration to grant you stable access to the box. Keep enumerating “stick” with it!

Root: Again enumerate and retrieve all ingredient for your recipe.

Thanks for the box

awesome box
the last part had me tho…i had to know more about the creator to get the password lol
i didn’t investigate but my guess is something to do with php encoding
anyway thanks for the box i learned a lot

OK, this was too much for me. It took several hours of 2 weekends and I couldn’t have done it in that time without many nudges from all of you.

So here are a couple of tips for others stuck in the same mind fuck than me:

1- Foothold: the first part is really cool and very realistic, just do it like it’s a real target with patience. Once you get your scrying powers and find the obvious secret you are still going to be missing one piece of the puzzle. LOOK IN ALL THE FILES, yes in that one that has the right name but is ridiculous and never in a million years you would think that someone will change, that is the one.

2- User: OK, WinPEAS fuck me up on this one, do the enumeration by hand. Again patience, lots of patience look in every single place in order.

3- Root: The internet search fuck me up too. You get a very obvious clue and google send me to the wrong place. Look well in more google results, it’s there.
After that there are lots of steps and more enumeration to find more of what the clue told you about.
Finally, the Chef served me rotten meat, just use the first result from google and watch out for the correct mode as others had pointed out here.

Good Luck!

Could I grab a foothold nudge, first hard machine and im struggle streeting it. I have my magic scrying orb, but its a little foggy, anyone able to provide some clarity

edit: Ahhh yes, i walk away from the keyboard for 10 mins and i solve it. My crystal ball got alot clearer and i now see the crumbs

I’m having a bit of trouble with the final (I hope) stage of this box. I have got the ELF file and have examined that to get access to a certain web site and have an AES key but I don’t appear to have anything to use it with. Not sure if I need the master key for the ELF file or not.

Any nudges would be most appreciated.

Type your comment> @sloth1985 said:

I’m having a bit of trouble with the final (I hope) stage of this box. I have got the ELF file and have examined that to get access to a certain web site and have an AES key but I don’t appear to have anything to use it with. Not sure if I need the master key for the ELF file or not.

Any nudges would be most appreciated.

Scratch that, Now managed to get root.

Hey all

I am having some trouble with the initial foothold, I’ve done my ennumeration and have an attack in mind, but I need to do something else first for it to work

I think I know what to do but I don’t know how to do it.
don’t want to get into any details here in public, but if someone could DM, or offer to help with just initial part I’d really appreciate it.

Not usually posting, but I just rooted the box, and I wanted to say to anyone reading to NOT put too much thoughts into the hints given here, especially for root.
All this stuff about a recipe, Chef and the stew stuff… It’s an unnecessary (and involuntary) rabbit hole. Also, automated enumeration is great, but you actually don’t need it here (for the last part of root).
Great box, by the way!

Finally got root. thanks to also help from others. If you need help, msg me. Biggest hint at least to get user is the name of box itself. You be a bird.

Wow, just finished this and what a fun box it was!
This was my first Hard box after picking through some Mediums confidently, and thought I’d leap in and give it a go.

Initially I was overthinking how devious the vulnerabilities were going to be and overshot the first one until I realised it was staring me right in the face. Once I got into the swing of things, I kept finding the breadcrumbs and true to their name, turned it into a fun trail of different classes of security flaw and bypass technique.

I think this was probably my favourite box to date - thanks Helich0pper!

Hey if anyone can help me with the later part of user please message me.
I do like this box so far-it is difficult but teaching me a lot.

I got initial Shell but i struggle to get Users flag.
please give me thips…

Playing with the token using the tool and examining it with burp. Reluctantly I read though the forum and I get the pretending/lie I have to tell the server but when I change the username field I get a dud…Am I in a rabbit hole?

Very fun machine so far, but even though I’m running a personal instance I’ve had two issues that were solved with a reset:

When I initially started the machine there were no services listening on IPv4, except for the usual OS stuff. There is a way to retrieve the IPv6 address, which did have services. I was proud to have have figured that out but after a reset there suddenly were things listening on IPv4. Still somewhat proud for finding out that workaround though.

The second time is where you’re sure you got all the information to make an educated guess for something. But… I got nothing. Until I did another reset. The machine wasn’t even running for very long so I don’t think anything expired.

So: when I doubt, reset :stuck_out_tongue:

Hey all, I have just finished the machine. One of my favourite machines. Many thanks to Camk and Helich0pper!
If anyone needs help, no problem, contact me