Official Paper Discussion

I saw a few people having access problems here and on Discord even after adding what they found to our favorite CTF relevant config file. I was having this issue for hours and couldn’t figure out what was wrong (ping works even with the host name, but can’t load site). Eventually, through trial and error, I realized the issue was being caused by my own privacy VPN on my host computer running my VM. So if you’re having issues, try disconnecting any additional VPN if you have any.

Thank you so much for this. It was really fun! It’s my first box after the free starting point ones, only started HTB this weekend. I got both flags, but I’m still poking around because of the easter eggs you mentioned…

1 Like

Anyone else having trouble with a certain webpage that is hinted at on the main web, and throws a status code 503 Service Unavailable?

Hey secnigma,
thanks for the fun box. I learned a lot, followed the breadcrumbs lying around and after a while I remembered to update my scripts regularly … :slight_smile:

1 Like

If 503 persists, try resetting the box.

add it to /etc/hosts file

Sweet mother… I could have saved myself hours if I had simply tried the privesc just more times than I did. I tried it quite a few times without success and convinced myself it was a dead end. Then came back the next day, tried one from a different source, and boom, works second time. Cool box, thanks @secnigma

1 Like

Just rooted, enjoyed it very much! A relatively easy machine.

My tips -
Foothold - Web enum, I ended up using a tool I don’t usually use for this sort of enum, so look around see if there’s one that’ll help with this.

User - Find something containing interesting info and figure out how to use said info.

Root - Enum, find the weak point, exploit.

Cheers for the box @secnigma really enjoyed solving it!

1 Like

Great box! Not too easy, not too hard. I like the information disclosure to broaden the attack surface. Was banging my head on finding those ‘hidden’ files and tried a lot of manual stuff, then just searched for the version and public exploits to find it. From there on it was easy to get to the talking part and exploiting that. Root was fun to learn as well as I did not have the chance to do it before. Thanks creator!

Tips:
Foothold - Don’t just look at the webpage, look at the ‘complete’ data transferred and see if you find interesting stuff. Enumerate versions and search for ‘exploits’. There’s not much to pick from if you do it right.

Root - Use the tool that everyone uses and see if you can find some blog post to help you out. Find out what the group means.

Foothold:
Can’t just be a default web server, there must be something more. Once you’ve found it, check to see what CVE makes sense with what you see or don’t see. After you do that you’ll probably wanna pay close attention to the conversation taking place; there might be someone/something useful to you. You should message them.

User:
Okay so you’ve messaged them, now what? Well enum enum enum there’s always content that may contain NSFW information

Root:
LINPEAS can help you, or you can cheat with a bit of OSINT or you can do both

1 Like

Nice box, not so straightforward yet an enjoyable one, well done.

1 Like

Me too, same issue with user and root keys both, I got “incorrect flag” error…

try to switch vpn server

This was my first user and system own! Great machine and despite taking me almost a week to complete, learned a ton! Searching online and enumeration were a big help with this one. On to the next!

2 Likes

Enjoyable box, particularly liked the escalation. Thanks to the box creator for taking the time.

1 Like

Well that was fun. First time full ownage!
Once I found the bot it was smooth sailing from there. He was surprisingly helpful :smiley: Thanks @secnigma for a delightful box.

1 Like

it worked! thanks :slight_smile:

Easy (too easy) box. ;).

Just finished this one, box was kinda easy, trying to find the foothold could be a little tricky if you don’t pay attention. Once you get that, it’s pretty straightforward as to what to do while putting little thought behind it. I will do my best to give some tips without giving anything away; a lot of what has already been said by others is briefly echoed in here as well:

Foothold: make sure you enumerate everything and pay attention to what is given back to you as far as results go. I would start with some known web scanning tools built into most security distros (such as nik the alien). Once you found the place and made the proper settings to get there, enumerate some more and pay attention to the results once again when you run the proper tool (maybe look at the webpage thoroughly?). The results from there should lead you to the proper place to research

User: Once you find the path/thing, there is somebody that is very loud and likes to help users who ask him directly. He will tell you how to talk to them and what they want you to talk to them about, tricking him into speaking too much will def benefit you, the more he talks the further you will get. Make sure you ask him for help though if you need it, don’t be intimidated :sweat_smile:

root: a little research and use of linpeas should get you there, it’s pretty obvious once you see it

Hope these tips help a bit, if you need more of a nudge, feel free to PM me.

Thank you @secnigma the box was fun! :smiley:

1 Like

been staring at the lin**** output for an hour. Crontab doesn’t work. CVE 2021*** doesn’t work due to malformed version number. I’m not seeing any other way to root this…

POC not working either…