Official Perfection Discussion

system · March 2, 2024, 3:00pm

Official discussion thread for Perfection. Please do not post any spoilers or big hints.

0xb14cky · March 2, 2024, 7:20pm

i can’t able to access the machine and i have connected using vpn and i can see it on dashboard

10.10.16.1 icmp_seq=1 Destination Host Unreachable

TheSinister418 · March 2, 2024, 8:28pm

Anyone have a foothold ? I have discovered one single possible entrance however can not for the life of me figure out a way to exploit it as I have tried my known methods, anyone got anything so far?

ellj · March 2, 2024, 10:58pm

Got user, but stuck on the potatoes.

ringo · March 2, 2024, 11:02pm

I am having trouble getting a foothold, any hints anyone can give me?

TheSinister418 · March 3, 2024, 9:07am

Anyone able to help with the privilege escalation, I have found some useful information however struggling to use it

Cipherhash · March 3, 2024, 9:35am

can you help me with initial foothold ?

cromiphi · March 3, 2024, 11:46am

Just rooted ! nice and easy VM

dextrp102 · March 3, 2024, 2:00pm

I am facing issue to resolve the ip in /etc/hosts because of which burp is unable to intercept someone tell me what to do

Mocarz_121114 · March 3, 2024, 2:26pm

can someone give a little hint to initial foothold

slxshxtx · March 3, 2024, 5:10pm

for command injection, try with one of those operators
I have recently found the way to execute commands but still fighting for the user flag.
Such a nice machine!

0x1337root · March 3, 2024, 9:25pm

Foothold: You must calculate 7 times 7 in a new line.
Root: Just read linpeas output carefully and do not use custom scripts (like i did xP) give it to the hashmeow xD with properly generated wordlist instead of rockyou.txt.

guruprk · March 4, 2024, 12:31pm

Rooted. Great easy box. Learned a couple new techniques. There is enough clues in this thread to you user and root.

PM if need more clues

T2M5 · March 4, 2024, 1:56pm

Rooted, If someone needs help, send me a dm

TheUpbeatAres · March 5, 2024, 3:48am

Rooted. The only thing that helped me is that one of the boxes from previous seasons had similar security flaws.

Feel free to reach out for help.

Cedgar · March 6, 2024, 5:05pm

Rooted.

Fell free to PM for tips

T2M5 · March 6, 2024, 6:14pm

Because if you code wrong revshell won’t work but a simple revshell with urlencode will work.

aluche · March 7, 2024, 3:59am

cool machine. foothold is very simple. what does it feel like you need to do with that input?
what was a letdown was the fact the foothold leads directly to the user flag and consequently root. theres no in between.
anyway, remember to always check your emails.

any nudges just pm. theres enough info on this thread for you to solve it

eugenethreat · March 7, 2024, 8:05am

Rooted. Agree with Aluche’s answer, once you get a foothold on the user it’s relatively trivial to find the root flag.

User:

SSTI
Always check what the software is written in! Google is your friend.

Root:

Check your mail
Cat wearing a mask.
Check your sudo permissions as always. sudo -l always comes in clutch

shubham0111 · March 7, 2024, 6:57pm

I got a flag but it’s showing 1/26 .is there 26 flag ?