Official Shared Discussion

Official discussion thread for Shared. Please do not post any spoilers or big hints.

Hello, is working?

I can’t ping the box. Is it working?

looks like its working now!!!

Rooted. Very simple Medium box. I would put it in the Easy category, but I am not complaining :slight_smile:

Hint for Root ?

1 Like


User: Enumeration and reading hints on the box will get you there. The original page will get you what you need. Check out a classic web exploit and you are in baby! Then just use your usual tools to find interesting stuff.
Root: Groups and files. Why is this on the box?? Chekhov’s gun?! Guess I better analyze what it does… A red dragon could tell me its secrets, but maybe there is an easier way!

1 Like

Thanks !

Root it ! :smiley: , easy but cool Tho

Im stuck on getting user :frowning:

rooted \o/

Any tip on user?

user flag:

  • web enum to identify domain and subdomain
  • proceed to buy some biscuit
  • the sweets are not actually sweet, but stitchy; may be due to the needle
  • dump the candy and get into their world
  • check the background and find a serpent
  • trick the serpent by providing it another profile
  • be the other person and read the flag

root flag:

  • check the background and identify a root process
  • find a tool that seems to connect
  • get the tool and listen to it
  • login to the data storage and start to troll
  • in order to exploit, let’s build a module
  • now you are root

rooted, relatively easy box. :smiley:

Nice machine

FOOTHOLD: normal enumeration, you will read what the say, then change some text to see what happens and try to exfiltrate.

USER: just enum what other users are doing, and Google It to see what can you do

ROOT: again, easy enumeration, then try to get that secret, use it in the service and Google

ask if you need

For some reason the foothold really held me up. The rest of the box was pretty straight forward. Thanks for the fun box!

any hint for user flag

See for example the hints that meowmeowattack has given earlier in this discussion. They “reveal” all the steps you need. You just need to interpret/think them through carefully. I found the foothold to be the hardest part. After gaining foothold reading the nudges already given in this discussion and using Google will get you there.

Still struggling with the foot hold. Are you guys using the regular needle tool or custom scripts?

What do you mean by the “regular needle tool”?