Official Unobtainium Discussion

I gotta say, weird but interesting box, if anyone wanna help me with nudges pm me here or dm me on discord SuPerCoW#8100

Finally got root, very nice box !
Pm me for hints

Got root. It truly was a learning experience. If you need any hints you can pm on Discord: Lich#8715

Hello can anyone help me. I found another IP address after getting foothold, in K***** P** on d** namespace. How to enumerate it. Please help me. Sorry for my bad english.

Spoiler Removed

Rooted.

user for me is easy. but getting on root is such a pain in the ass.

Trying to bruteforce files other than to.txt – I have found the u*** endpoint and creds but not sure what to do from here

foothold was definitely hard, but now trying to understand the escape. Does anyone have the documentation they can refer me to?

Edit - figured it out.

Fun box and great experience… Thanks @felamos
Much thanks to @0xLich and @godylockz

Really fun box which taught me a lot, thanks @felamos.
Thanks also @sicario1337 for keeping me on track.

PM if you need a nudge.

I got root after a long journey.
Mega thanks to following friends:
@xtk and @mcdave2k1

They helped me to solve the very hard box.

FInally rooted one of the most challenging box so far.
User is quite straightforward, everything is in front of your unobtainium app :smile:
For root, you have to be familiar with containers, so thanks to tahaa and dionysus for bringing me to the right road.

I’ve just started on this box, having fun already :slight_smile: Did anyone else notice that the favicon resembles the one used by the Dutch newspaper “de Volkskrant”, or is it just me? (http://www.vk.nl)

This was really well done for sure! Lots of fun.

Type your comment> @CounterSu said:

I’ve just started on this box, having fun already :slight_smile: Did anyone else notice that the favicon resembles the one used by the Dutch newspaper “de Volkskrant”, or is it just me? (http://www.vk.nl)

Got user! Took me a long time since there was a lot of new stuff to learn; the box employs some techniques I didn’t know - but do know now. Great experience so far!

Great box, the foothold especially was really cool. The different tools I used and ideas I had to follow through were very exciting and just that was already a lot because I learnt quite a lot of new stuff.
The root part had me very confused and I really wasn’t sure what I was doing until the end. Even after that, I plan on doing that box a few more times to carefully take notes along the way because I still feel like in the middle of the smog.
Overall, really cool box, and I really loved the foothold :slight_smile: Thanks @felamos

Very very interesting box, good job to @felamos for something different. The foothold was quite convoluted for me, as I am not familiar with the language, but the root part instead was fairly smooth and quick, but very real-word like!

Finally rooted this box!

Thanks @felamos, I had a great learning experience both with user and root. The great thing about this box is that it forced me to research new techniques and methods - and exploiting them. What a ride.
Respect towards @sudneo. Could NOT have done it without his help and advice!!

Some hints:
User: Everything you need is in the app. There is more than one way to reverse and use it.
Root: Once you figure out how the container is managed, follow the yellow brick road. Enumerate and research. This quite a new path so resources might be limited. Be persistent!

Finally root, this took me a lot of effort I’m sure who is familiar with technology involved can solve the box with less trouble than I had.

Foothold/User: analyze carefully what you have and extract useful informations. At some point with enumeration you should be able to find the right path, try not to pollute with too much enumeration.

Root: once you’re in classical enumeration will make you understand that something is behind the scene. Here I had to do a lot of study and google-fu. You need to create something malicious (using same approach as foothold) that could allow you to reach the goal.
I managed to retrieve the flag and a shell, but it was really unstable I don’t know if anybody experienced the same situation.

Thanks for the box!

Dm me if you want any nudge