Could you share the writeup? I got stucked getting the user
My only complaint about this box is that root is not medium. If youāre struggling on root, youāre not alone. There are breadcrumbs in the machine, but what is needed is something I wouldnāt consider to be in the toolbox of users just coming out of the easy box section.
All that being said, in the end this was a great box, because it forces you to learn new tools.
- Foothold took a little bit of time since itās a lot of manual enumeration to find the existing CVE to get in.
- User pivot was pretty cheesy in my opinion. No hate, it was just really out of place, very CTF I feel. I could be wrong and there may be some real world scenario for it, but it was a bit meh for me. Thereās a string in a file that requires some hexdumping trickery. Again, not super realistic, but it does provide an opportunity to learn a new technique.
-
Root was the hardest part. The breadcrumbs are a bit CTF-ish again, but thereās only so much one can do to hide information on a single machine. You find a file and another string and another crumb and another file and then the fun really starts. Someone already mentioned using
ghidra
(can be installed via the apt repo for debian distros) and Iāve never used it before this box and it was quite the ride. This was the part that bothered me the most. Foothold and User were medium, but root viaghidra
was a lot harder than a medium box should have been. Take your time, decompile and read the code. Look for sensitive information and functions, check the variable names and see how they are built and processed so that you can then put together a recipe and bake to get your solution.
PM me if you need any nudges or help.
2 Likes
root definitely not a medium level box. had to go to a writeup for this oneā¦thats insane