Official Format Discussion

zemunk3y · May 25, 2023, 8:46am

This machine is driving me nuts!!!

So with some help I’ve managed to get pro and get a shell as www-data…

I just can’t see how to get to the user …

is it to do with the hidden directory ?

0xFad3 · May 25, 2023, 10:05am

No hidden directory. Enumerate a little bit, think about where you can find usernames and passwords.

zemunk3y · May 25, 2023, 10:49am

Legend!

CaptLevi0408 · May 26, 2023, 10:38pm

Finally, after a week and a half, this “script kiddie” has rooted format. It was definitely a very humble experience pwning this box. Huge shoutout to @otter for helping me understand not only the techniques but the whole concept behind getting pro and to @zemunk3y for pointing me in the right direction with the root part. And big thanks to the creator of the box. Format is awesome. Good luck everyone who is still working on it.

fernx2023 · May 28, 2023, 12:54pm

Was more of a brainfvck for me but I Finally pawned it. Id consider this machine hard not medium. Shout out if you need a nudge!

mikedakotastaytrue · June 2, 2023, 8:18am

what should i do after finding token endpoint?
(jwt attacks dont work and token cant be used with -1 to reach DR)

s3nt1nel · June 3, 2023, 11:58am

Well this was a ride but I enjoyed the struggle. Foothold was crazy to me falling into many rabbit holes. After getting PRO, remember you gain write access to something.

abloodyname · June 5, 2023, 5:44pm

Anybody willing to hint me with this one a bit? I’ve been working like crazy for days on this one. Got through the first steps, got an idea and found the two first vulnerabilities and got a general idea of what to do but I cannot see how to upload the webshell for the first steps of the pwn

Any help will be greatly appreciated

arsic · June 20, 2023, 6:34pm

DId you ever get pro by chance? I’ve been struggling for hours now, i know im overlooking something obvious…

arsic · June 21, 2023, 2:03am

I know exactly where the formatting bug is for root, could anyone perhaps nudge me in how to exploit it? I’m having trouble escaping the string to execute my code because of redis securing my input…

imPankajSingh · July 12, 2023, 2:20pm

Hey,
I’m stuck after getting pro user, any hints ?

ride200mph · July 25, 2023, 2:48pm

Wow, the race condition is interesting, but the intended way just blew my mind! I heard about these issues before, but never saw them on practice.

Will go check all my configurations now

From the foothold the rest is fairly straightforward.

bebop831 · July 31, 2023, 6:52pm

Same here. Why are we able to do that to the redis socket?

bebop831 · August 1, 2023, 3:53pm

Rooted! Man that box was tough but I def learned alot. I’m still trying to understand some concepts from the whole exploit chain, so if you have experience with redis/nginx can I ask a few questions? I’d greatly appreciate it.

Zhme · August 6, 2023, 10:48am

Not a dumb question, don’t sweat it. Some people start to learn hacking and they turn into female praying mantis’. They eat the head of anyone who approaches them.

alemusix · August 30, 2023, 10:09am

Same here. I’m reading through the source code to find a way in but I’m stucked.

Edit: managed to get foot in

Edit2: rooted. This box was tough because I faced many steps I’m not quite familiar. I’d rate as a hard box.

nintend00x · September 2, 2023, 7:07pm

How you guys found out there is redis in place?

HackerBean · September 3, 2023, 4:33pm

I got the user flag, but I did not need to get a pro account to get a reverse shell and user flag. Also without using the non intended race way. Can someone DM me how it is even possible to get a pro account without reverse shell? (Please do not spoil root yet.)

7H31NTR00D3R · September 14, 2023, 11:48am

hey guys late on the box but i have managed to find a way to get PRO but trying to upload a shell or anything im lost at , if anyone can give me a nudge thanks in advance!!