@JSquared / @riboyster - happy to help; you both have DMs
Can someone give a little nudge for user? I think it's about the mime.xml file
but I have nothing…
Of course
I sent you a message related to this topic
There is no need to read all of them, it is possible to search only for those valuable
Rooted! Pretty good box overall but did need a hint on root priv esc due to some confusion. Anyone who used ghidra willing to reach out and chat about it?
Never mind, figured out what I misunderstood.
Feel free to reach out for hints!
Loved the rooting part, the user part was kinda annoying though
Very nice box. Not so interesting in the beginning, but so good in the finding part
Rooted!
Escalation had my eyes hurting, so I walked away for a while… then when I returned I quickly sorted things out. That was hilarious.
Hi! I've been able to get the reverse shell, and I think I know what I have to do, but I can't open the log file properly to see the content. I don't know if that's what I have to do or not, any help??
EDIT: got the user already
LOL I got stuck for like 2 because the Upload function wasn't working. I was getting no response from that, and if the file had .php in the name, the server never responded. I thought that was a rabbit hole and there was something hidden to discover…
Now I came back and upload is working… looks like I wasted a lot of time while instead I should have reset the machine
Rooted. Using GHIDRA I got tricked by a wrong "code" interpretation, then I used a site called "Decompiler Explorer" and that worked better.
Medium machine for sure
First time to encounter reverse engineering content in the box, fortunately not too difficult
I have grabbed the binary, looked at it and determined the arguments. One is c*** . I am not sure how to leverage this, though. Any tips?
Owned! It's a good medium machine.
Foothold: google fu
User: Analyze This!
Root: Dragon will help you
Feel free to write to DM for hints, I will be glad to help! Just don't forget to hit me a respect
same here. small hint is appreciated
check your first argument again. this solved it for me
Finally got root. User was pretty simple and straightforward, but root took me forever!
What helped me was the hint from @jondan28. Releasing the dragon was more confusing than anything else, but that's probably because I have zero experience in it. What helped me a lot was strace. Honestly, I still don't know why it works, I will have to go through it another day.
I loved that box! The initial foothold is easy but satisfying, then the part where you do some "investigation" is really great. Think of that part as forensics and look for mistakes when a user authenticates; the hacktricks page on Windows Event evtx will be helpful enough to find the right event
For the root part, it's reverse engineering. I know that it's a tricky part for most of us (and also for me) but the dragon will reveal the readable instructions of that mysterious binary ;p
It's simple C code, it has arguments like every code, but why?
If you are really stuck, DM me
This box is really worth it
The skidz defaced the site