Official Shared Discussion

Official discussion thread for Shared. Please do not post any spoilers or big hints.

Hello, is working?

I can’t ping the box. Is it working?

looks like its working now!!!

Rooted. Very simple Medium box. I would put it in the Easy category, but I am not complaining :slight_smile:

Hint for Root ?


User: Enumeration and reading hints on the box will get you there. The original page will get you what you need. Check out a classic web exploit and you are in baby! Then just use your usual tools to find interesting stuff.
Root: Groups and files. Why is this on the box?? Chekhov’s gun?! Guess I better analyze what it does… A red dragon could tell me its secrets, but maybe there is an easier way!

Thanks !

Root it ! :smiley: , easy but cool Tho

Im stuck on getting user :frowning:

rooted \o/

Any tip on user?

user flag:

  • web enum to identify domain and subdomain
  • proceed to buy some biscuit
  • the sweets are not actually sweet, but stitchy; may be due to the needle
  • dump the candy and get into their world
  • check the background and find a serpent
  • trick the serpent by providing it another profile
  • be the other person and read the flag

root flag:

  • check the background and identify a root process
  • find a tool that seems to connect
  • get the tool and listen to it
  • login to the data storage and start to troll
  • in order to exploit, let’s build a module
  • now you are root

rooted, relatively easy box. :smiley:

Nice machine

FOOTHOLD: normal enumeration, you will read what the say, then change some text to see what happens and try to exfiltrate.

USER: just enum what other users are doing, and Google It to see what can you do

ROOT: again, easy enumeration, then try to get that secret, use it in the service and Google

ask if you need