Official Shared Discussion

system · July 23, 2022, 3:00pm

Official discussion thread for Shared. Please do not post any spoilers or big hints.

Ic32K · July 23, 2022, 7:04pm

Hello, is working?

XSSDoctor · July 23, 2022, 7:11pm

I can’t ping the box. Is it working?

Ic32K · July 23, 2022, 7:46pm

looks like its working now!!!

JacobE · July 23, 2022, 8:33pm

Rooted. Very simple Medium box. I would put it in the Easy category, but I am not complaining

ltjax · July 24, 2022, 2:15am

Hint for Root ?

JacobE · July 24, 2022, 2:32am

Hints:

User: Enumeration and reading hints on the box will get you there. The original page will get you what you need. Check out a classic web exploit and you are in baby! Then just use your usual tools to find interesting stuff.
Root: Groups and files. Why is this on the box?? Chekhov’s gun?! Guess I better analyze what it does… A red dragon could tell me its secrets, but maybe there is an easier way!

ltjax · July 24, 2022, 2:41am

Thanks !

ltjax · July 24, 2022, 4:20am

Root it ! , easy but cool Tho

MrMidnight53 · July 24, 2022, 10:07am

Im stuck on getting user

binho1337 · July 24, 2022, 12:24pm

rooted \o/

Hoze · July 25, 2022, 11:13am

Any tip on user?

meowmeowattack · August 2, 2022, 2:30am

user flag:

web enum to identify domain and subdomain
proceed to buy some biscuit
the sweets are not actually sweet, but stitchy; may be due to the needle
dump the candy and get into their world
check the background and find a serpent
trick the serpent by providing it another profile
be the other person and read the flag

root flag:

check the background and identify a root process
find a tool that seems to connect
get the tool and listen to it
login to the data storage and start to troll
in order to exploit, let’s build a module
now you are root

mark0smith · August 3, 2022, 2:54pm

rooted, relatively easy box.

p4tria · August 5, 2022, 5:10pm

Nice machine

FOOTHOLD: normal enumeration, you will read what the say, then change some text to see what happens and try to exfiltrate.

USER: just enum what other users are doing, and Google It to see what can you do

ROOT: again, easy enumeration, then try to get that secret, use it in the service and Google

ask if you need

KDirectorate · August 16, 2022, 5:17pm

For some reason the foothold really held me up. The rest of the box was pretty straight forward. Thanks for the fun box!

satya · August 19, 2022, 12:56pm

any hint for user flag

Hackl3 · August 21, 2022, 12:19pm

See for example the hints that meowmeowattack has given earlier in this discussion. They “reveal” all the steps you need. You just need to interpret/think them through carefully. I found the foothold to be the hardest part. After gaining foothold reading the nudges already given in this discussion and using Google will get you there.

riboyster · August 21, 2022, 8:17pm

Still struggling with the foot hold. Are you guys using the regular needle tool or custom scripts?

JacobE · August 21, 2022, 9:31pm

What do you mean by the “regular needle tool”?

Topic		Replies	Views
Official UpDown Discussion Machines	53	6411	February 1, 2023
Official Moderators Discussion Machines	12	2470	October 17, 2022
Official Undetected Discussion Machines	62	5606	June 27, 2022
Official Backdoor Discussion Machines	93	11062	May 30, 2022
Official Driver Discussion Machines	72	9524	May 5, 2022

Official Shared Discussion

Related topics