Official Devzat Discussion

Official discussion thread for Devzat. Please do not post any spoilers or big hints.

Very cool box! One of the most fun I’ve done in a while. Thanks @c1sc0

This is a great medium machine! Mediums tend to be really hard to make, for whatever reason, so kudos to the creator on a job well done.

This is probably one of my favorite machines I’ve done on here. Really fun! Well done @c1sc0

Rooted! Been a while since I’ve played a cool box like this. Really recommend this one. DM for hints

1 Like

Thumbs up to the creator. Fun machine!

DM for nudges.


Like @riceman said, this was a great medium machine. I’ve found most mediums tend to be a bit awkward but this one flowed well from piece to piece.

DM for hints, but let me know what you’ve tried so far.

Thanks @c1sc0!

Rooted! My first medium box. I’m ecstatic right now.

The whole box was great. User especially was incredible. I learned so much.

Tons of fun on this one, kudos to @c1sc0. PM for nudges

After spending 4 days on “developer”, it’s nice to do a cool, nice and truly medium box ^^
Rooted in 2 times 4 hours I’d say
Thanks @c1sc0 :wink:

… PM if needed

1 Like

I wish we had a way to ban people who leave spoilers on live machines…
Edit: Again, they put it into /tmp 16K -rw-r--r--… How hard is it to scp from your box?


root@devzat:~# id
uid=0(root) gid=0(root) groups=0(root)

Yeah I’m just an idiot, used the wrong path. Nevermind my deleted comment about getting code exec…

“I wish we had a way to ban people who leave spoilers on live machines…”

Agreed. Or, at least, slap them in the face lol.
You don’t even have to scp, just create a directory with a name obvious enough for others not to go inside.
I first “solved” this box because of a spoiler. Something seemed to be off but I wasn’t sure so I went with it and could escalate from foothold to root directly. I went back to the box later to do it the intended way but yes, people who leave important files behind them for everyone to see really are annoying.

Apart from that, really cool box, I enjoyed it a lot :slight_smile:

Seems like these forums are not as busy as they used to be.


Anyone know a way (other than resetting the machine), to get it to run a shell again? I accidentally hit Ctrl-C, and lost it, and now different ports don’t even work.

EDIT: Nevermind, I’m an idiot. Just had to change the format a bit.

Rooted! Done!! I learned many new things with this box.


Start by enumerating to get in. When you’re in, as with any organization, it’s important to know where the devzat, and where the devzchat…

1 Like

Anyone having issues with this box?

Nmap shows 3 ports open, I can connect to the middle one with an IP but it wants a hostname. If I add the host name to my hosts and connect, it times out. I cant connect to either other port either (constant time out).

I’ve tried resetting a few times but it still hasn’t worked…

weird. Working fine for me on SG VPN.

Ok - might have to switch servers (or actually do a different box because I cba downloading a new connection pack :smiley: )

Very cool box, i have spended lots of time with this machine but very good learning steps. Enum is the key ! :face_with_monocle:

For foothold: enumerate machine or what you got good, when you find some directories/subdomains look them carefully and maybe you should try with new wordlists. (at my scenario, my wordlist was wrong! or maybe olddd)

For user: You should try a little bit more, for reverse shell or maybe with ssh connection, both of them worked :slight_smile: then i saw that user flag is not there, then focus on new user, read some cool stuff and enumerate machine more. i can guess that there may be several ways for user too, maybe!

For root: actually root part was easier than foothold or user part, again enumerate classical steps and then you can see some different things :wink:

Thank you so much for the creator, Devzat at top 3 machines for me until now :blush: