I’m absolutely lost with getting root.txt. I’ve got root (or at least I think I do) shell on the b***** docker, but found nothing that indicated where I should be going next. Any tips?
Hello guys, I am in the first container but having difficulties downloading files to it, any hints on how to do it. p*** script which is working on my attacker box is now giving me errors in the container
Late to the game but I must say: this box really rocks! Thanks @yuntao
I used perl reserve shell one liner and got the shell which is root, but I am not able to find the root.txt. Any hints please.
Am I doing wrong?
I’m in the second container with a limited shell… I can see user.txt, but cannot read it… I’m enumerating loads of things… but I’ve been stuck for hours. Can anyone drop me a line with a hint?
I cant find the initial Webapp. Someone can give me a hint?
Edit: Neverming, got it.
This box is close to breaking me. I think I like it but I am frustrated at how little progress I am making.
Stick to the basics and take lots of notes.
Every time I think I’ve made a step forward, I take six or seven backwards 
@0uts said:
I’m absolutely lost with getting root.txt. I’ve got root (or at least I think I do) shell on the b***** docker, but found nothing that indicated where I should be going next. Any tips?
Snap
Could you please stop rebooting this machine, it is so long to get to the final docker… Thank you
I found user.txt but can’t read it due to permission errors. I checked every corner of the system and don’t have any idea how to read that file. Any advice?
NVM 
I already got user.txt
Working on root.txt
Interesting machine
I’m almost at finish. I can access b**** machine port 8**. Can list files and directories. So what? how can I get a shell from b***** machine. I tried -e(-rsh) option but didn’t work.
Got root on b****. Can’t find root.txt, WTF?
I am in 1st container and done port scan for 2nd container … i know the open ports for 2nd container … can anyone give me nudge ? how to move to next step… thanks
Great Box @yuntao,
Thanks to @opt1kz and @ninpox for help.
i think i’ve beaten an HTB record ( over 2 months of trial on a box 
). I may suggest the following to anyone attempting this box too ;
1- For initial entry https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
automating the process with this exploit is even better https://gist.github.com/QKaiser/79459c3cb5ea6e658701c7d203a8c297 , but you may have to adjust it a little to fit your needs
2- https://www.offensive-security.com/metasploit-unleashed/portfwd/ and https://packetstormsecurity.com/files/134200/Redis-Remote-Command-Execution.html
can give an idea on how to get shell on the second container.
3- For those at the second container https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
4- For those at the last container i hope this will be a hint on where to search
https://askubuntu.com/questions/182446/how-do-i-view-all-available-hdds-partitions
other useful resources
any help on getting user
@bkasrnyr said:
any help on getting user
Hard to know where you’re at and there are multiple steps to get user. If r0pSteev’s comment above doesn’t help and/or you’d like more assistance, I’m happy to help via PM.
Anyone Help me plz.I am very close to second conatiner but need a subtle hint.