Official Codify Discussion

system · November 4, 2023, 3:00pm

Official discussion thread for Codify. Please do not post any spoilers or big hints.

JimShoes · November 4, 2023, 6:59pm

Good luck everyone!

d0rkm0de · November 4, 2023, 7:00pm

Happy hunting

5105 · November 4, 2023, 8:02pm

foothold was ez…

JimShoes · November 4, 2023, 8:03pm

Agreed. Literally my first hit in Google. Definitely nice to get one of those every once in a while.

fsoc13ty · November 4, 2023, 8:07pm

Priv esc tips?

respawn · November 4, 2023, 8:59pm

Look around. You will see.

matus · November 4, 2023, 9:12pm

I see what I need to misuse, but looking inside, can’t figure out how Tried a couple of things, not working, hopefully it’s not a red herring

joako1721 · November 4, 2023, 9:51pm

root hint:

look carefully, there is a pretty WILD way to do something

YanisHalit · November 4, 2023, 10:46pm

Hello can someone give me a hint on what type of payload to use to have a reverse shell please ? i’ve tried many thing but getting the “Command failed:” error.

Thank you !

d3lvx · November 4, 2023, 11:02pm

im in the same boat, all of the reverse shells Ive used dont seem to work.

anthotea · November 4, 2023, 11:07pm

Can i get any hints for root ? Im stuck

coaaa9 · November 4, 2023, 11:09pm

help me step-bro, im stuck on root

JimShoes · November 4, 2023, 11:39pm

Onto the next one!

Please wait until the box has been live for 24 hours before DM’ing for hints. After that, feel free.

cds · November 4, 2023, 11:43pm

Hi !! can someone give me a hint , I already have acces to the machine, now I need to become other user -w-

Mate0r · November 4, 2023, 11:43pm

Finally got it but it seems that the other players have helped me to be root by letting some evidences. I got the password but not in the regular way i think (or maybe yes)

jecpr636 · November 5, 2023, 12:18am

Am I meant to be able to access port 80 and 3000? I have reloaded the box about 10 times and same error each time.
I’ve captured in wireshark and consistently get “[tcp previous segment not capture] continuation” after the handshake and get request. Do I just have to wait for it to be less busy?
EDIT - still not sure what the issue was exactly, but I switched my vpn to UDP and it worked.

sphinx0 · November 5, 2023, 12:38am

User access was a breeze but the root part had its quirks. Getting to user involved a bit of persistence and a sprinkle of ingenuity. However, ascending to root required a deeper dive, a few creative twists, and a pinch of randomness. It’s all about mastering the art of thinking differently. #Happy_Hacking

longlivedavemustaine · November 5, 2023, 1:36am

I found the wildcard trick for root, but I don’t know how I’m supposed to use that to actually get the password, any tips?

jisatsuEH3 · November 5, 2023, 2:20am

I got the reverse shell, but still looking for ways to switch user or get root…

For those having issues with the reverse shell for initial access. I was able to get one working from here:

github.com

swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Reverse Shell Cheatsheet.md

# Reverse Shell Cheat Sheet

## Summary

* [Tools](#tools)
* [Reverse Shell](#reverse-shell)
    * [Awk](#awk)
    * [Automatic Reverse Shell Generator](#revshells)
    * [Bash TCP](#bash-tcp)
    * [Bash UDP](#bash-udp)
    * [C](#c)
    * [Dart](#dart)
    * [Golang](#golang)
    * [Groovy Alternative 1](#groovy-alternative-1)
    * [Groovy](#groovy)
    * [Java Alternative 1](#java-alternative-1)
    * [Java Alternative 2](#java-alternative-2)
    * [Java](#java)
    * [Lua](#lua)
    * [Ncat](#ncat)

This file has been truncated. show original