Official Format Discussion

hackw3ll · May 18, 2023, 5:45pm

stuck at the same spot…

CaptLevi0408 · May 18, 2023, 5:59pm

Thats what I am trying to figure out. I’ve spent 2 days on trying to get pro… sad.

b4dger · May 18, 2023, 6:08pm

If anyone needs a nudge feel free to DM me

BuZuS · May 18, 2023, 6:13pm

You’re on the right track.

XSSDoctor · May 18, 2023, 11:22pm

Wow rooted after almost 5 days! thank you everyone for all the help, especially Adrigm2608, QuantumFrenzy, and of course Paradise_R, who is such a rock star. DM me if you need a nudge

jodojodo · May 19, 2023, 12:04am

Also just rooted the box, this was a very cool experience.
My small hint: You have to interact with the local DB during each step (Foothold, User, Root).

khangduy113 · May 19, 2023, 2:14am

almost 2 days stuck on foothold, can i just dm someone on discord ? Kevin Nguyen#4909

th3kn1ght · May 19, 2023, 12:30pm

Can some one help me, please ?

I am stuck in lfi

Dm me or add me on Discord Th3kn1ght#4799

spaceboy20 · May 19, 2023, 1:03pm

Can someone help me with the root part?

otter · May 19, 2023, 1:14pm

dm

anded222 · May 19, 2023, 1:28pm

can someone give me a hint on how to read files? I just found a way to write them.

BuZuS · May 19, 2023, 1:31pm

Are you sure it’s not both?

t4rd · May 19, 2023, 9:29pm

Hello!
Well, for sure this machine presents some challenges beyond my knowledge. (I’m a beginner).
Despite that, and having some idea that the source code can lead us to a vulnerability to allow get “pro=true”, and then explore the (image) upload capability, I really lack of good knowledge on how this R***s db works, and how its related with HTTP post/get .sock “magic” happening here.
Could some grateful soul lead me to a concise source of knowledge to grasp how this communication via HTTP occurs?
At least I could learn and acquire a better basis for this. I am not really motivated to get user at this point
Thanks in advance

z0nd3rl1ng · May 20, 2023, 12:53am

hello there
i’m also quite new and stuck at the exact same point
anyways, my guess would be to establish the connection via r****-cli and find a way to set some things i hope i’m on the right track with this, as i’m struggling rn with the syntax. it nonstop throws Protocol error, got “H” as reply type byte

CaptLevi0408 · May 20, 2023, 1:35am

I’ve been stuck here for five days. With a lot of help from @otter and others I’m finally able to understand how and why things are happening. Working on this box has increased my ability to look at source code tremendously. Unfortunately I too, am stuck at getting pro. I have the idea and knowledge of how to do it, but I just can’t get the syntax right. Good luck on the box. Making sure I take notes for my own personal write up on this one. Box should be labeled as hard in my opinion. Not beginner friendly that’s for sure.

Fr13mel · May 20, 2023, 8:26am

Just to tell, posts get removed if they are giving too much hints. Obviously we had too much info here already. So if you read all the posts, you get exactly that much help we are allowed to give. The best advice is always something like that: Get everything you can find around the services you are working on and understand exactly what they do. Services have two sides, build your own setup, debug and see how it works.

DuckmasterF · May 20, 2023, 10:25am

This was my first attempt at a medium box. I have to say this box is amazing once you finished it and greatly frustrating while at it. I spent a good 10 hours on this box, almost 9 of them for the foothold.

Neverakswhy · May 20, 2023, 2:02pm

please help me
need hint for privesec i got shell as www-data

gio_da_sicilia · May 20, 2023, 2:10pm

what do you need

gotti1312 · May 20, 2023, 9:19pm

Box name