Official Ready Discussion

Type your comment> @ElleuchX1 said:

Still can’t find a way to get D user…
I got the /r***_p*** but doesn’t seem to be working on any user.
Any nudges will be appreciated
edit: rooted
uid=0(root) gid=1001(xx) groups=1001(xx)

any nudge for D user? @ElleuchX1 @Embargo

Looking to discuss. Got root flag but definitely not intended way. Never got. Shell. Lol definitely an odd box.

Finally rooted this machine and got the flags an unintended way. Nice box with some new learnings.

I got shell with g user, but got stuck afterwards. Any nudges? :slight_smile:

can’t find the root flag pretty weird

Hey, I can’t find anything interesting. I already searched for directories with Dirbuster… nothing. Looked for something interesting in the source code… nothing.
I would be very thankful if someone could give me a hint to what to look for, maybe via pm.
EDIT: received a hint :slight_smile:

Is the machine broken as there’s no root.txt anywhere?

Type your comment> @purplenavi said:

Is the machine broken as there’s no root.txt anywhere?

Not broken. There is more work to do. This is where I am at and am having some errors with my process.

I read the user flag real easily (using one technique against the software), but don’t seem to be able to get RCE (using a different technique against the same software), even though I’ve used this fine in other challenges. Therefore I can read a lot of things, but no shell for g or d user. Going round in circles. Anyone able to help me get back on track?

Edit: the RCE technique worked fine - I just had bad characters in my payload. Got root, and more. Good box - definitely learnt a few things - including to not take anything for granted and keep disciplined.

any hints for initial foothold? send me a pm pls

Rooted!
It was same like redoing the laboratory for initial part. But overall learnt an interesting technique while escalating to root.

This was great, one of the most different boxes I’ve done on here. Not really similar to laboratory at all.

Type your comment> @purplenavi said:

I got shell with g user, but got stuck afterwards. Any nudges? :slight_smile:
Just got root. Spent ages going down rabbit holes, but it’s not as complicated as I had thought. Look at what you can find that might have something useful.

Would appreciate a nudge on the privesc. Have shell with g user, seen r_p etc…

foothold: looks like Laboratory.
user: to search well is to display in clear
root: escape game, hacktriks will help you a lot

rooted, feel free to pm

Got root at last.
It’s very easy to overlook some of those things, easier than previous gitlab challenges

got user. working on root.

Hi people.

Yesterday a get the user flag by lab method, but today I trying the same method but the server answer with http 500. Anybody have this same problem?

@embranco said:

Hi people.

Yesterday a get the user flag by lab method, but today I trying the same method but the server answer with http 500. Anybody have this same problem?

Maybe they patched that unintended path. At least for me it also doesn’t work with the lab method (and the ready made exploit also doesn’t work, even with modified payloads :confused: )