Official Surveillance Discussion

Probably 2 minutes. You may find one that isn’t salted lying around somewhere. I’d suggest finding it.

2 Likes

This box was fun. Kudos to the author. If anyone needs a hand, let me know.

Any hint on how to modify the POC in order to work properly?

Try to intercept what your script does. And if you figure out why it doesn’t work, then you will know right away what needs to be fixed. A quick fix… Also if you google for that issue you might find another resource discussing the same POC being adapted for another specific situation. :wink:

I understand the idea but don’t know how to debug or log any information, I know the point that

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.

but idk how to know if I’m going in the right way.

1 Like

Can someone tell me if the first hash can be broken in another way? Is the second hash like this?

Neither. Just use crackstation =P

1 Like

I intercepted the PoC script with Burp, but didn’t understand what I was looking at. But then I realized that there is a difference in the PoC scripts that can be found via web search.

Fairly straightforward box IMO? May be more on the “Easy” side of medium.

Knowing which oyster in the ocean had the right pearl was maybe the hardest part.

1 Like

Hi guys, I tried a foothold exploit and got a shell with $ but when I enter id nothing happens. What does this mean? I have also tried importing a python shell but nothing happens either.

I would expect something like:

$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)

but nothing happens.

Dude, I have the same problem. If you figure it out, DM please haha

I also ran into this. Assuming you had the same PoC I did, look at the code carefully. You’ll see it’s referencing a proxy and I got it to work by having Burp open (defaults to 8080).

2 Likes

great box

it’s a shame it’s the only medium Linux machine this season, I wish it had more

For anyone having problems with the initial PoC, use Burp Suite and make all requests pass through its proxy. You need to see which first request is causing an error on the application and check the data being transmitted to correct it (it’s a minimal thing, I spent hours on this task).

1 Like

This was a fun one for sure. I didn’t like the very last step of the root part, but apart from that had a blast tonight with it.
There are a lot of hints I see here, so I got nothing to add there.
I believe it was a bit on the easier side, not a hard medium that’s for sure.
There were some interesting rabbit holes here and there, nothing too serious.
Learnt a ton, thank you for the box @TRX and @TheCyberGeek.
See you on the next one guys

Any hints on the RCE? I’m having trouble with the PoC and a hint as to what the problem is would be awesome.

1 Like

Check the PoC you are using and maybe scroll down and check for the URL he is using in Burp. When the shell is on the server you should be able to interact with it using the browser.

1 Like

How do I modify the initial POC in order for it to work?

While I was writing a write-up for this machine, I noticed the forked PoC needed to be modified, while the original with picture and so on worked without any modification.

P.S.: There was a fresh comment about a closing tag but I haven’t checked it as long as the closing was missing in both versions.

Is anyone else having an issue submitting the root flag? Never mind, the machine (I’m guessing) was reset and the flag I had was no longer valid.

For those still struggling with the initial POC, what worked for me was following the @JimShoes tip; with that I could understand what to change.
Furthermore, the POC in GitHub Gist was forked by some guy that adjusted it to work with this box. He also replaced the web shell with a reverse shell.

1 Like