This image kinda sums up the machine 
Stuck after the reverse shell on the web server, I can see the user flag but canât access it. Probably need to enumerate more and organize better the info I already haveâŚ
Stuck on getting root - got passed the user flag - I would appreciate if somebody who owned root on Reddish would reach out to me on PM to discuss the approach for root.
Got user flag and access to some other container (which may or may not be useful) but kinda lost as to how to proceed from here.
What a journey⌠finally got root 
- PM if you need a nudgeâŚ
Thanks to the creator of the box⌠Definitely think its a cool box, but yeah its sad to loose the shell far in the process 
Also got root flag, definitely fun box and props to @yuntao for creating it.
Wouldnât say the box was âhardâ, but it was surely longer than usual and also it put you in a total different environment than most of the medium-easy box iâve done so far.
I can also understand the struggle of getting a reset while youâre on later stages of the box, but if you keep your notes well you can get back to any phase with at most 3-5 min worth of waiting (although if you keep getting resets its probably pretty frustrating).
Really interesting in more boxes like this one, with maybe some checkpoints added here and there to remove the stress of constants resets.
i am new to pentesting, so i might need help here, I already owned 9 active machines but this box is of different level i know, can anyone tell me how to scan it ? every time i scan it iget connection resets, PM if there is spoilers guys.
I am totally stuck. Got reverse shell on 2 containers, can see the user.txt on the second one, but have no idea how to proceed. Does someone have a little tip for me how to proceed.
ok must be the only idiot here. I have access to IP:PORT:ish/ID. what the â â â â do I do with this? tried adding exec with output to debug but nothing happens, please help, please DM, yes I am an idiot! but still need help
Thanks got help. Sadly stuck on file upload & execution. think file upload using thingy is working. think not understanding how properly to access, try same thing to connect but not working (if you have done box hopefully youâll understand that)
I have the first shell and I am stuck at the next step. I have found something, but I am not finding a way to exploit it. Can someone give me a nudge or a page that would be helpful? My searches havenât found anything useful.
â â â just finished this box. wanted to write it up (yes I know I should have done that along the way). I am sat here perplexed, I donât know what I just did, couldnât explain it let alone write it up. have to say this box is awesome! congrats yuntao, awesome. please donât msg me and ask for help as I have no idea on what I just did. a couple of fellows sent me some tips, but things other ppl did didnât work for me. like once you have shell, getting that to be meterpreter and using pf cmd in meterpreter and then the r***-*** stuff! I had to use s**** on the box with multi terminals for all the steps. anyway, box = pwned , so all good. again awesome box. tough but rewarding. thanks to n* and 1* - needed it!
st> @adyd said:
ok must be the only idiot here. I have access to IP:PORT:ish/ID. what the â â â â do I do with this? tried adding exec with output to debug but nothing happens, please help, please DM, yes I am an idiot! but still need help
at this stage now, tried exec to create rev shell no luck
can someone give me a nudge or a page that would be helpful?
@kecebong said:
at this stage now, tried exec to create rev shell no luck
can someone give me a nudge or a page that would be helpful?
Before trying a reverse-shell, you should already be able to execute command and get the output via the interface with a lot of buttons.
Once you have it working, you can either:
- use a scripting language available on the server,
- download a binary from your computer and save it on the server, execute it after chmod
- download and save source code, compile and run the program
st> @cgrenier said:
@kecebong said:
at this stage now, tried exec to create rev shell no luck
can someone give me a nudge or a page that would be helpful?Before trying a reverse-shell, you should already be able to execute command and get the output via the interface with a lot of buttons.
Once you have it working, you can either:
- use a scripting language available on the server,
- download a binary from your computer and save it on the server, execute it after chmod
- download and save source code, compile and run the program
thanks @cgrenier, got shell
i need to use exec spawn!!
@kecebong said:
st> @cgrenier said:@kecebong said:
at this stage now, tried exec to create rev shell no luck
can someone give me a nudge or a page that would be helpful?Before trying a reverse-shell, you should already be able to execute command and get the output via the interface with a lot of buttons.
Once you have it working, you can either:
- use a scripting language available on the server,
- download a binary from your computer and save it on the server, execute it after chmod
- download and save source code, compile and run the program
thanks @cgrenier, got shell
i need to use exec spawn!!
got user.txt, stuck at w** container, do i need to get shell for b***** container to get root ?, i could get data from b***** container from rsy** but kinda lost as to how to proceed from here :(.
@kecebong said:
@kecebong said:
st> @cgrenier said:@kecebong said:
at this stage now, tried exec to create rev shell no luck
can someone give me a nudge or a page that would be helpful?Before trying a reverse-shell, you should already be able to execute command and get the output via the interface with a lot of buttons.
Once you have it working, you can either:
- use a scripting language available on the server,
- download a binary from your computer and save it on the server, execute it after chmod
- download and save source code, compile and run the program
thanks @cgrenier, got shell
i need to use exec spawn!!got user.txt, stuck at w** container, do i need to get shell for b***** container to get root ?, i could get data from b***** container from rsy** but kinda lost as to how to proceed from here :(.
No, you donât need shell. Explore the last system via rsy***
got user.txt, stuck at w** container, do i need to get shell for b***** container to get root ?, i could get data from b***** container from rsy** but kinda lost as to how to proceed from here :(.
No, you donât need shell. Explore the last system via rsy***
thanks @pup !, got it!, on diff location, didnât expect it!
@pup said:
@kecebong said:
got user.txt, stuck at w** container, do i need to get shell for b***** container to get root ?, i could get data from b***** container from rsy** but kinda lost as to how to proceed from here :(.No, you donât need shell. Explore the last system via rsy***
You need a root shell from b***** unless the previous guy who got a shell forget to cleanup.
@cgrenier said:
You need a root shell from b***** unless the previous guy who got a shell forget to cleanup.
I absolutely disagree. rsy*** is quite enough to get root.txt. But It is easier with shell, of course.
@pup said:
@cgrenier said:
You need a root shell from b***** unless the previous guy who got a shell forget to cleanup.I absolutely disagree. rsy*** is quite enough to get root.txt. But It is easier with shell, of course.
Being able to run commands as root on b***** is required, true, no shell is needed.
If you found the root.txt by exploring via rsy***, it means than someone has forgotten to cleanup.