Official Forgot Discussion

Official discussion thread for Forgot. Please do not post any spoilers or big hints.

This box… is so … slow …

Also, the box creator should url encode their base64!

Got user flag! Any hints for root? :face_exhaling:

For the privesc: The path should be obvious after some very basic enumeration. Then it is just a question of how to exploit it.

Rooted! This box has some great ideas! However, the weird rate limiting, password resets and insane lag that website has really bring the experience down.

It seems like the box creator put an insane amount of effort preventing multiple users from disturbing and spoiling each other, but ended up creating an extremely annoying experience.

This box is extremely frustrating. I have found the username and password for SSH, but for some reason it is not working at all. Don’t know if this is related to the way the box has been configured or just that it is really slow, but I am not enjoying this at all.

I’m at exactly the same point - creds not working how you would expect - pretty stumped about where to go next.

This machine seems broken. Despite being slow af:
The first step works only sometimes. If not, restarting the machine helps.
If you’ve managed the first step and are logged in, seconds later you are logged out and have to repeat step 1.
It’s a fun machine and I learned a new trick, but I’ll stop here, because there are too many bugs.

The machine is very unstable; the token part sometimes works and sometimes does not. It’s very frustrating. I hope that the author can fix that, because now it is in the release arena and each one has a personal instance, but in a few days it will be a single instance for all, and this could be worse (in my personal opinion).

I figured it out. Have a look at what the CSS might be doing. I’ve decided I hate this box.

Okay I don’t hate it but feel like this bit was just mean.

Very nice box, it’s more on the easy part, the PE to root was interesting. One small note from me: when you discover the juicy information from the ticket, just display the page’s source and copy it from there to save yourself some headaches. :smiley: For anyone stuck, feel free to PM.

Stuck at this point as well. Seems like SSH creds are the next step, but they do not work.

Well, I feel like I’m stuck right in the beginning. I know that the right way to do it (at least I think it is) is via poisoning, but this topic is kinda new to me, and I can’t find a way to use it in my favour.

If anyone could give me any hint, I would appreciate it.

I feel like the camel case part is broken on some boxes but fine on others… I was participating with a few friends, and we all got different results, so I had to switch VPNs to solve user.

Please help. How to get to the “disabled” page?

Yeah, I am also trying to figure out how to get this page.

Having trouble with this part too. At this point, I don’t know if this is it. Switched my VPN access just now and my input is still filtered. Anyone who’s done the box after the patch, can you drop a small hint on the part after login?

I’m having trouble with the step after logging in as the regular user. I’ve looked into injections, redirects, forging cookies, nothing has worked. I don’t know if I’ve overlooked something or if I’m just in over my head here, but it’s driving me crazy.

Any pointer would be appreciated.

I can’t believe this took me so long to figure out :person_facepalming:

Think about what page you’re trying to access and how the website is authenticating your session.