Official RainyDay Discussion

system · October 15, 2022, 3:00pm

Official discussion thread for RainyDay. Please do not post any spoilers or big hints.

m4rsh3ll · October 17, 2022, 1:14pm

Welcome 1.6 stars machine

JacobE · October 20, 2022, 12:32pm

Rooted it when it released. The idea of hacking a custom cloud platform is compelling. The box is undermined by two points though. The most interesting part of the box can be entirely bypassed. I expect that this is unintended. Secondly, for CTFs it really should be rockyou or bust. It might be that I am missing an alternative path to finding that value. I’ll be reading writeups when the box retires!

XSSDoctor · October 20, 2022, 8:35pm

I only used rockyou for this box

Ic32K · October 21, 2022, 5:50pm

Can I ask you what speed managed when cracking the hashes and how much time took you, and maybe also ask if you could crack all of them or only one or two?
I’m getting only 30 hashes per second using my old graphics card and is taking forever to crack it

To be more precise the first hash just appeared in the screen after 518 minutes and 34 seconds

JacobE · October 22, 2022, 12:03am

One cracked hash will give you things to work with.

Ic32K · October 22, 2022, 12:31pm

Thank you JacobE.
That was more a toll than a actual question, I posted that question a few minutes before one of the hashes where cracked and the curious been inside me wanted to know about your rates and the time you took to crack that hash…
When showed up the first one after more than 8 hours cracking I move forward with that password, now I’m trying to take advantage of the dev api
*To the people in the same phase, don’t try to guess parameters (read with detail the page and compare with the first one you saw in prior phase)

nullb1te · October 23, 2022, 5:53pm

I can see why this machine has such a low rating… Overall its not that bad i learned a lot from it, however it was definitely too CTFy for my taste or skills
I needed few nudges along the way to be able to finish it.
For anyone stuck feel free to drop a PM.

kujen5 · October 31, 2022, 10:03pm

can I dm anyone for some help to get root? been stuck for almost 2 days now

wildr0se · November 1, 2022, 4:36pm

I think I need some assistance, if anyone who has rooted lately could nudge - after discussing with some other users I got a nudge on the intended route to exploit root, but it seems the box has been updated and the path for exploitation has changed. Given that this box seems to require a lot of h______t or j__n, I’m running into a bit of a wall

F1shm4n · November 3, 2022, 10:25pm

I also have no clue, how to RE … for root! Does anyone has a hot tip for me? Thanks in advance!

robinas · November 4, 2022, 2:39pm

Any nudge for the last privesc? SSH’d into the box and did a privesc to the second user. I can see I have a privilege to do something as this second user, but not getting through.

hasp0t · November 18, 2022, 8:35pm

Hi! I’m also stuck on the last step for PE. Any nudge would be appreciated!

dylvie · January 2, 2023, 8:37pm

A nice machine unless for the root part encrypt understanding. Thanks, @InfoSecJack !

FOOTHOLD : enum. Understand why you cannot access subdomain. Get RCE and forge cookie. You’ll get ssh key because you’re in a container and resources are shared.
USER : just login and grab user.txt
ROOT : that’s the challenging part. You have to privesc first because user haven’t the rights. Then you can use a special script that encrypts. The idea is to understand algorithm limitations and find salt.

shoebill · January 15, 2023, 4:40am

I tried a lot of methods to bypass 403 but they didn’t go well.
This means that I should connect there from container ?

shoebill · January 17, 2023, 8:36am

accessing through proxy is so slow and it timeouts many times. is this usual? or the box’s condition is bad?