Official discussion thread for Shared. Please do not post any spoilers or big hints.
Hello, is it working?
I can’t ping the box. Is it working?
Looks like it’s working now!!!
Rooted. Very simple Medium box. I would put it in the Easy category, but I am not complaining.
Hint for Root?
User: Enumeration and reading hints on the box will get you there. The original page will get you what you need. Check out a classic web exploit and you are in baby! Then just use your usual tools to find interesting stuff.
Root: Groups and files. Why is this on the box?? Chekhov’s gun?! Guess I better analyze what it does… A red dragon could tell me its secrets, but maybe there is an easier way!
Rooted it! Easy but cool tho.
I’m stuck on getting user.
Any tip on user?
- web enum to identify domain and subdomain
- proceed to buy some biscuit
- the sweets are not actually sweet, but stitchy; may be due to the needle
- dump the candy and get into their world
- check the background and find a serpent
- trick the serpent by providing it another profile
- be the other person and read the flag
- check the background and identify a root process
- find a tool that seems to connect
- get the tool and listen to it
- login to the data storage and start to troll
- in order to exploit, let’s build a module
- now you are root
Rooted, relatively easy box.
FOOTHOLD: normal enumeration, you will read what they say, then change some text to see what happens and try to exfiltrate.
USER: just enum what other users are doing, and Google it to see what you can do
ROOT: again, easy enumeration, then try to get that secret, use it in the service and Google
ask if you need
For some reason the foothold really held me up. The rest of the box was pretty straightforward. Thanks for the fun box!
Any hint for user flag?
See for example the hints that meowmeowattack has given earlier in this discussion. They “reveal” all the steps you need. You just need to interpret/think them through carefully. I found the foothold to be the hardest part. After gaining foothold reading the nudges already given in this discussion and using Google will get you there.
Still struggling with the foothold. Are you guys using the regular needle tool or custom scripts?
What do you mean by the “regular needle tool”?