Official Delivery Discussion

Rooted.
Respect to @ippsec as always.
This box was more of a riddle than a hack in some ways.

Can somebody help me with root?

@GoodUngarbage said:

Can somebody help me with root?

Dump the right things and crack them. Don’t overthink the wordlist.

In mattermost: “This server does not allow open signups. Please speak with your Administrator to receive an invitation”. Its ok?
Solved

@romkasv said:

In mattermost: “This server does not allow open signups. Please speak with your Administrator to receive an invitation”. Its ok?

Yes

Rooted!

The tips in this thread are more than enough to pop a shell and privesc, although I will admit the initial foothold is a little annoying and makes you think in a “different” way than most boxes.

Feel free to P.M. for a nudge :slight_smile:

This machine was a waste of my time. The process to get access to view your ticket simply doesn’t work, until it suddenly logs you in out of nowhere.

@h00psn3k said:

This machine was a waste of my time. The process to get access to view your ticket simply doesn’t work, until it suddenly logs you in out of nowhere.

That might imply someone has attacked at the same time as you. It shouldn’t “log you in out of nowhere”.

Rooted. Unless I followed some unintended way, I don’t see why it’s rated 3.9 in CVE. I was thrown off by an exploit published for the foothold service (albeit wrong version) around the time the machine was released. Otherwise, pretty fun one.

Hey Guys im stuck on user.
I just can’t find a way to log in with the email I got from h*******k…
Can someone please give me a hint?

@RandaleRalf said:

Hey Guys im stuck on user.
I just can’t find a way to log in with the email I got from h*******k…
Can someone please give me a hint?

When you open a ticket, it tells you what to do to log in and see the messages.

Just Finished the Machine. If help needed send a message. :slight_smile:

rooted. learned some new things on the PE, most of which I didn’t end up needing. lol. but good to know. shout out to @rancilio for the help on the syntax. had i just paid attention to one thing (or tried one thing i saw) i would have had it but instead i tried doing it the hardway and didn’t quiet get there…

Thought I was stuck, sorry, disregard.

Rooted! Thanks for the nudges here everybody.

is ok if helpdesk do not display anything? is my first machine and i dont know if i configured wrong the vpn

Hi, I am stucked on getting a t****t. I have tryed several ways, but I don’t know which id to use in order to query the info. Can some1 help?

Edit: nvm, when I saw the nerd mistake I felt really stupid xD. Thanks

This is doing my head in, I think I have gone through the process, but it is asking me to log in to see my tickets, I cant seem to log in at all, keep getting “account confirmation required” when signing up for a new one, or access denied when trying to check ticket status using the info from the ticket submission :frowning:

Hi, I am stucked on cracking the root hash. Everytime i try with hashcat the program says illegal instruction. Is there another way to crack the hash? (I tried john but it did not work for me.)

@Frkxo said:

Hi, I am stucked on cracking the root hash. Everytime i try with hashcat the program says illegal instruction. Is there another way to crack the hash? (I tried john but it did not work for me.)

If you have the right hash, it should crack with John in seconds. Its all down to using the right wordlist.

Try not to overcomplicate this step.