Official discussion thread for Shared. Please do not post any spoilers or big hints.
Hello, is working?
I can’t ping the box. Is it working?
looks like its working now!!!
Rooted. Very simple Medium box. I would put it in the Easy category, but I am not complaining
Hint for Root ?
User: Enumeration and reading hints on the box will get you there. The original page will get you what you need. Check out a classic web exploit and you are in baby! Then just use your usual tools to find interesting stuff.
Root: Groups and files. Why is this on the box?? Chekhov’s gun?! Guess I better analyze what it does… A red dragon could tell me its secrets, but maybe there is an easier way!
Root it ! , easy but cool Tho
Im stuck on getting user
Any tip on user?
- web enum to identify domain and subdomain
- proceed to buy some biscuit
- the sweets are not actually sweet, but stitchy; may be due to the needle
- dump the candy and get into their world
- check the background and find a serpent
- trick the serpent by providing it another profile
- be the other person and read the flag
- check the background and identify a root process
- find a tool that seems to connect
- get the tool and listen to it
- login to the data storage and start to troll
- in order to exploit, let’s build a module
- now you are root
rooted, relatively easy box.
FOOTHOLD: normal enumeration, you will read what the say, then change some text to see what happens and try to exfiltrate.
USER: just enum what other users are doing, and Google It to see what can you do
ROOT: again, easy enumeration, then try to get that secret, use it in the service and Google
ask if you need