When you find the hidden thing which will help you to point the port and show what is that. :+1:

Rooted! This is a very nice machine regardless of the cleanup policies.

Yes, I changed BlackArch to Kali Linux and the page has successfully loaded :confused:

Got user, that was pretty straightforward and really not too difficult, just time consuming. That was a pretty awesome and interesting path.

Stumped on root.

Pretty sure I know what I need to do just unsure of how to actually do it. I tried putting a thing in the place I can write to based on what I could find through my research on the service, but the service doesn’t seem to be looking in that location.

Couple asks - could someone DM me some reference points on how to craft the thing for the service and to make sure the service is looking in “all” the places for the things?

Thanks! Based on level of effort thus far, I agree that Medium would have been more appropriate.

You can DM me

Did someone change file permissions, or is the path to root really that easy? Took me a day to get to user, but 2 minutes to root. Without giving it away, let’s just say it was a simple -p that allowed me to root.

@ping254 It looks like you found someone’s leftovers because the path to root was definitely more complex.

Fun box! I actually didn’t think this was too difficult but I don’t think I would have figured it out without the help from here.

For Foothold: Enumerate the website to find a new place. Note: always make sure to change default creds. People can often find them. Once you’re in, play around with different methods and locations to get a malicious file onto the site.

For User: There’s another subdomain/vhost. The site is running Nginx. Where can you find information about how it’s configured on this box? Exploiting this subdomain seemed a little more complex as I haven’t interacted with this tech very much, but ended up actually being very simple in the end. When you enter data into a certain box, how is info being retrieved? What’s happening on the backend? What’s a common vuln to check for in search boxes? There’s a blog post and a script others have mentioned that I didn’t end up having to use. There is a cron running here that will delete your user account fairly often; if you’re having issues, make another account and continue on.

For Root: This was actually really pretty simple but I overanalyzed it. Our favorite vegetable enum script will highlight this vuln. Look into maybe plugging in something into a certain command. Perhaps you can plug in something malicious. Look at the other things already on the system that can be plugged in to this command. Looking around the internet, info is sparse on the privilege escalation potential of this command but I did eventually find a guide to exploit it. After reading the guide, I could have pretty easily figured it out on my own.

Feel free to PM me for help. I’ll get back as soon as I can.

Solved easily; my mistake was in the header of the script.

Annoying broken pipe all the time. Any hint for doing it faster with the retrieve…?

At some moment my whole internet went down, so I had to close all the tabs that were using it :flushed:

I liked the challenge, it wasn’t as hard as I thought based on the other comments, just needed to wait a lot, and I’m glad we have so many tools with easy access.

Getting the root is considerably easier than getting the flag, you just need to know what to search for.

If anyone is stuck, R is always here, and I surely can help you :heart:

That’s a fun box, with a couple of new/interesting things (for me, at least). Minor frustration with how quickly things got cleaned up, so I found myself repeating a few commands here and there, but very satisfying in the end.

All the hints you need are in this thread, but feel free to give me a nudge if you need a hand.

Hi, I entered into the file manager. Then I’m lost again. Can you give me a hint?

Of course, I sent you a message on the topic :heart:

Guys, I have added soccer.htb to my hosts file.

But I got a 502 Bad Gateway error?
How did you fix this?

Ok, I could not fix this issue on the very same day. So I gave up. Now today I started over and I did not get any errors. ¯\_(ツ)_/¯

If anyone is struggling to enum privesc to root, I suggest updating your enum tools to the latest versions :smiley:

Great box, user was fairly straightforward. Getting to root stumped me for a few hours. I would even go as far as to say this box is more medium than easy. Regardless, kudos to the creator!

This box was a lot of fun, the path to user was unexpected. There are plenty of great hints in the comments; I found the blog post that @devi4nt mentioned to be particularly helpful. That was the trickiest part of the box in my opinion.

Feel free to DM any questions and major props to the creator, I’m somewhat new here but it’s definitely my favorite box so far.

Nice box.

Getting the user was not easy for me, but not so difficult with some Google help. Something new for me, for the particularity of retrieving some useful information.

The root part was so easy instead.

I enjoyed it.

Good job.

Tried everything after reading the thread, was able to get SQLi and did as per the mentioned blog. But still having some trouble in dumping the needed data. Anyone who solved the box recently, can you provide a little sanity check to know if I am on the right path?