Official UpDown Discussion

Official discussion thread for UpDown. Please do not post any spoilers or big hints.

Rooted. Back to the basics! Nice to see that with some quirks. Easy Medium-rated box!

Shoud I try to bypass the validation? Or need to research for attack vector?

Does someone have a little hint to share?
I found something interesting by enumerating, but i’m kinda stuck

Hints:
Foothold: Just git gud and develop a bypass to whatever is blocking you. Then review what you have to know what you have to send.
User: What you need to exploit is obvious. How? Obvious still. There are actually two paths forward.
Root: This is actually so obvious that I am not even giving you a hint.

2 Likes

And rooted. It was pretty easy.

USER FLAG

  • Searching the place for a dev space, dumping the parts for an entry;
  • Knowing the phrase for something special, showing the ways to somewhere great.
  • Seeing the place and reading the code, spotting the vulns and the craft;
  • Checking the web for a mode, knowing the form then you are not far.
  • Into the realm and get to the home, reading the bean and the animal;
  • Knowing the bean superbs the animal, breaking out the stomach of the foke.

ROOT FLAG

  • Checking the rights, knowing the mights;
  • All you need is finding the right site.
3 Likes

Can I get a nudge, I’m stuck on a website, I can elaborate more in a PM.

rooted!
Very fun machine!

These cryptic nudges are horrible. Can you guys be more blunt? Most of us don’t have trouble finding the development. We need nudges in the form of things to read about involving tools or methods used to bypass the seemingly simple (albeit, not for use noobs) WAF.

2 Likes

this is not the forum for that kind of nudge, they block your account. suggest you to look elsewhere for that kind of nudge.

Rooted :ok_hand:
Btw Root is way easier then user.

I am not able to engage the reverse shell and I think I have all the pieces… can someone help me?

This is a classic easy box. Remember health box? And now compare it. Do all easy boxes like this just for practice. Easy box means you can easy hack it :slight_smile:

Really fun box so far. I haven’t gotten user yet, but the goal is in sight.
Spent some quality time digging my own rabbit holes.
Now I just need to figure out the last step for user.

Can I get a nudge? I have git-ten some files but confused on where to go from here

Have you done the Trick machine? Something similar is needed to make use of what you have got.

Analyse the git log properly :slightly_smiling_face:

User at last! That took me way longer than it should have ™
But I’m taking my sweet time, stracing stuff on my own box to understand some details.
Can’t wait for the ippsec video demonstrating what I’ve worked 3 days for in like 2 minutes

On to root now, see you guys next month!

User: Enum, get the loot, get a degree in archeology and dig up some dirt, go to worksite, apply pre-existing basic knowledge (or spend 3 days learning how) to exploit the obvious thing. Explore new areas, obvious path forward is the way to go. Apply pre-existing basic knowledge (or spend the afternoon learning how) to exploit the obvious thing.

I relied heavily on scripting to interact with the system and tested everything locally to gain a better understanding of why some things work and others don’t.

The box isnt bad, i would rate it as one of the easy medium boxes…
For foothold:
Just enum with standard tools, there is something hidden that you can uncover.
When you do, the logs are your best friend, from there you can bypass what is blocking you.
You have access to the apps internals, just try to understand the flow and you will be able to figure out what to send.
Before starting to bang your head why the payload is not working, try to check what may be blocking its execution.

For user:
This is pretty easy… focus on the simpler part and you will notice that its asking for malicious input…

For root:
This is as easier, as it gets… just for this part alone i would drop the rate of the machine to easy :smiley:

If you get stuck anywhere just ping me for a nudge.