Anyone needing help, feel free to DM.
Got around to finishing this box today. Great fun and good challenge. Feel free to message for hints, but there is heaps on here already which should help 
finally pwned. Had some extra help by seeing what others had in the tmp directory for root.
DMs open for help.
Pretty easy box like others have said. But it was a really good box for sure. Feel free to DM with any questions.
For root if you dont see anything when spying, restart the box. I spent a couple hours only to realize the box was bugged. After a restart i saw the information i needed for root.
Complementing the post, in this box you have two ways to solve root, one âspyingâ (which requires monitor linux process) and the other âguessingâ (which requires writing some code and âgoing wildâ).
1 Like
Just owned the machine, keep it simple and google is your friend.
Foothold: Google what you see
User: look around, keep it simple and you will know when you find it
Root: itâs a bash script! go WILD!
So, someone left something on the machine that makes it trivial to get root. I knew what I had to exploit in a broad fashion, but I didnât know how to go about doing it. Iâm not very good with scripting and am not sure I would have actually figured out all the code on my own. I studied it and learned how it works because I canât just use something and be done with it. This season, and any of these boxes for that matter, is first and foremost a learning experience for me so despite feeling guilty for using what someone else left I at least want to come away having learned something. I am going to keep it for my notes and comment it for future reference.
The box was fun and an exercise in research and understanding code, amongst a few other things, with the end culminating in writing your own which, as I said, I failed at. Props to anyone who didnât, though. I can read through things and figure out how it works, but I think thatâs the easy part. Creating it from scratch is far more difficult and takes a higher level of understanding of the language youâre working with. Nice job! 
1 Like
Had a wild time writing my first Bash script and then got stumped for a moment when ssh didnât work.
Then I realized there was another way
Dm for super simple script help
oh i am interested for the first one because i did the second but at first i tried to trace the process unsuccesfully .
@0xffffff Thanks for your help !
1 Like
Can you give me a hint for the reverse shell ?
@gallahall
simple bash reverse shell works easily
Just pwned the machine. I really enjoyed this box. I had some trouble at identifying the vulnerabilities but when it became clear, It was not that hard to exploit it. If anyone need help, just send me a message. Iâm happy to help
Rooted
Foothold was very easy and privesc wasnât too hard once Iâd had a decent look at the machine. I still learned something new though and refined my process for the bits I already understood. Overall very fun box.
Feel free to DM for hints.
Rooted this machine one way the other day but there is a second way which i was keen on coming back to do to learn more in this situation which I completed today , Thanks @0xffffff for the heads up!
1 Like
Got root! Thank you to @0xffffff for the help along the way! I learned a lot with this one.
1 Like
Hey, got foothold, found hash but I canât crack it. Is it a rabbit hole ?
You are in the right way, but you need to crack it.
Can anyone tell me why the restricted module worked in my exploit?
popped it,
if anyone needs assistance with anything pm me. Iâm here to help