Official RainyDay Discussion

Official discussion thread for RainyDay. Please do not post any spoilers or big hints.

1 Like

Welcome 1.6 stars machine :grin:

Rooted it when it released. The idea of hacking a custom cloud platform is compelling. The box is undermined by two points though. The most interesting part of the box can be entirely bypassed. I expect that this is unintended. Secondly, for CTFs it really should be rockyou or bust. It might be that I am missing an alternative path to finding that value. I’ll be reading writeups when the box retires!

1 Like

I only used rockyou for this box

1 Like

Can I ask you what speed managed when cracking the hashes and how much time took you, and maybe also ask if you could crack all of them or only one or two?
I’m getting only 30 hashes per second using my old graphics card and is taking forever to crack it :sweat_smile:

To be more precise the first hash just appeared in the screen after 518 minutes and 34 seconds

One cracked hash will give you things to work with.

Thank you JacobE.
That was more a toll than a actual question, I posted that question a few minutes before one of the hashes where cracked and the curious been inside me wanted to know about your rates and the time you took to crack that hash…
When showed up the first one after more than 8 hours cracking I move forward with that password, now I’m trying to take advantage of the dev api
*To the people in the same phase, don’t try to guess parameters (read with detail the page and compare with the first one you saw in prior phase)

I can see why this machine has such a low rating… Overall its not that bad i learned a lot from it, however it was definitely too CTFy for my taste or skills :smiley:
I needed few nudges along the way to be able to finish it.
For anyone stuck feel free to drop a PM.

can I dm anyone for some help to get root? been stuck for almost 2 days now

I think I need some assistance, if anyone who has rooted lately could nudge - after discussing with some other users I got a nudge on the intended route to exploit root, but it seems the box has been updated and the path for exploitation has changed. Given that this box seems to require a lot of h______t or j__n, I’m running into a bit of a wall :sweat_smile:

I also have no clue, how to RE … for root! Does anyone has a hot tip for me? Thanks in advance!

Any nudge for the last privesc? SSH’d into the box and did a privesc to the second user. I can see I have a privilege to do something as this second user, but not getting through.

Hi! I’m also stuck on the last step for PE. Any nudge would be appreciated!

A nice machine unless for the root part encrypt understanding. Thanks, @InfoSecJack !

FOOTHOLD : enum. Understand why you cannot access subdomain. Get RCE and forge cookie. You’ll get ssh key because you’re in a container and resources are shared.
USER : just login and grab user.txt
ROOT : that’s the challenging part. You have to privesc first because user haven’t the rights. Then you can use a special script that encrypts. The idea is to understand algorithm limitations and find salt.

I tried a lot of methods to bypass 403 but they didn’t go well.
This means that I should connect there from container ?

accessing through proxy is so slow and it timeouts many times. is this usual? or the box’s condition is bad?