Official UpDown Discussion

Fun box !

Foothold :

• A good enumeration on the website is the key to understand where you need to go then. They are some hidden things, try to catch them.
• Once you have it, pay attention on what you are able to do, or not. If you are kind of beginner, read the documentation about the language used.

User :

• The user is really easy when you know the trick. But if you don’t, try to search about the language used and find some juicy stuff on the web about it.

Root :

• Root is particularly easy. A hint is useless.

FOOTHOLD/USER
The foothold and user were fairly difficult, but with enough research and a little bit of help, I was able to get through the box. There were a lot of times I almost gave up, but I just kept on pushing and trying. I learned a lot of new things.

ROOT
Gaining root on the box is fairly easy, regarding if you know how to utilize your open source research.

If you need any help or a nudge, feel free to message me

Wow, root is free.

Hey, I need help… I upload my file to directory but I cant open it before it disapear. I add in file a lot of sites before main part, but again I dont have enought time to go to dir and open file in there… Any hints?

Wonderful learning experience. Thanks to @AB2. It was hard for me for user part.
Appropriate hints already given in this thread.For nudge dm me,ready to guide.

Have a question about the .***r file,can I ask anyone privately? Don’t want to spoil for anyone

In right track,if you are doing right it will buy you enough time…

hi

When I update shell and run it i got message "WARNING: Failed to daemonise. This is quite common and not fatal. " from it. Does anyone got same problem? Am I doig something wrong? If someone can send me message, it would be great…

tradtional ways of achieveing rce at your step are not going to work, you need to do some extra research.
But you are going in the right direction.

General hints for everyone:

Foothold: there are techincally two filters you need to bypass…(Hacktricks is your friend)

User: something about the program version and one of it’s functions that is being run in the script.

Root: Easy Enum should take like 5 seconds.

hi

Rooted! Fun box! Root was too easy

Anyone willing to give me a nudge? I’ve got some initial stuff working on foothold but can’t get code exec. Please DM and I can provide more info

Edit: Nevermind, got my initial shell. What a ride

And rooted! What a fantastic box. Foothold was quite a bit of work compared to user and root but overall a great learning experience and quite fun.

Feel free to reach out for a nudge but let me know what you’ve already tried!

Why I can’t catch the flash?

Oh, catched

Rooted! DM me on discord (n3hal#1527) if you need any hint.

ROOTED…!!! really nice box…if u guys stucked anywhere…just dm for hints…!!!

 gud luck....!!!!!

you shouldn’t post full solutions here until the machine is not retired

Great machine, teaches a lot for this kind of vulnerability, thank you!
root:$6$35UwqDmGM31K3z1O$EV0yHaL…

• Foothold: 1st enum properly, than you will figure it out what to do but it is quite hard to start in the right direction if you don’t know the technique. I fall into the rabbit hole that not everything is allowed on the server that it was on my own machine, so after days I had to find a different solution and I learnt a lot. But than you figure you don’t even need to go that far don’t need much of the advanced stuff because it is way easier kind

• User: easy technique, old snakes are vulnerable

• Root: really is a piece of cake