Registry

@kkbear said:
finally got a shell for 2nd user
know that i should use s*** r***** bp to priv esc
i can bp whatever file i want, but whenever i try to read it, it's permission denied, any help?

Hey, I’m stuck in the exact same place … Any nudge would be appreciated :wink:

Not sure if it is intended or someone is goofing with the box, but is the c***.y* file for b** supposed to reset every 20-30 seconds? It is a wee bit frustrating.

Edit: Doesn’t matter, found a way around it.

@kkbear said:
finally got a shell for 2nd user
know that i should use s*** r***** bp to priv esc
i can bp whatever file i want, but whenever i try to read it, it's permission denied, any help?

Hey, I’m stuck in the exact same place … Any nudge would be appreciated :wink:

Read the docs for r*** and remember that where there is a star there is hope. If you need more of a nudge feel free to pm me.

Finally rooted ! my first “hard” box !

Can anyone assist me in getting a shell from user2? Having trouble getting past the f*** u*****.

My first hard PC is down! Wooho!

root@bolt:~# wc -c root.txt; hostname
33 root.txt
bolt

Root was very cool!

Finally got the root flag (not shell) after several nights of scratching my head. Big thanks to both @ghostccamm and @dreamerscoffee for the nudges that got me over the hump! Not sure I would have gotten to the finish line without them! I’ll be trying to get the shell too in the next few days!

I need a little nudge. I have user but now I need to get to user2. I think I need to get to the app but it seems that I am missing something and I haven’t been able to figure it out.

Edit: I figured what I was missing for the app. It should’ve been the easy part. I now have a shell from user2. On my way to root.

Edit: Rooted!

@Malvik said:
I need a little nudge. I have user but now I need to get to user2. I think I need to get to the app but it seems that I am missing something and I haven’t been able to figure it out.

You don’t need to get the app, have a look around and see if you get a lightning idea.

This was the hardest one I cracked. I have some tips:
First you need to enumerate, pay attention to the SSL error for https.
I had to write my own tool to download the needed files, it’s available under my GitHub, you will find it related to the machine name there. It’s just a tool, don’t expect to have any spoiler there.

User 1: very easy when you have the right files, let John be your friend.
User 2: was a bit complex, you need to be fast or you will lose everything and will need to start from the beginning.
Root: stop walking around, go back to the place where you first landed and you will find an interesting thing there, you will be able to get the flag file and maybe the shell.

Thanks @thek for the box.

I need a nudge pleaseee!! I’m in the last step for root. I already have a shell for w**-a and I know that I have root privilege with r** command. I’ve created a repository on my machine, set up a r*****-s***** instance also on my machine, and then executed the r***** command but I can not make it work… I read here that r*****-s***** is portable but I can’t figure out what it means… any help?

Edit: nvm… rooted! I needed a tunnel…

Stuck trying to get from b**t to w-d. Tried various ways of uploading bind/reverse shell through b**t c*s, but can’t find how to execute it. A nudge would be much appreciated :smile:

Edit: Rooted. Got the rce through the c*s, just needed to be quicker once the .**l was changed. Thanks @zfyra for the nudges!

stuck on bolt → w*****ta. Any hints appreciated.

Help!

I’m stuck on the last step and it’s so frustrating. I have a w**-*** * shell. I can’t figure out how I am supposed to use the r***** command :frowning:

still stuck at initial foothold. played around with d***** and found a key, but john isn’t very talkative today. anyone want to tell me what I’m doing wrong?

EDIT: Got User finally. thanks to very helpful people. the last step took me again way too long, thanks to my stupidity. Should really learn to read output properly …

Great box. Not too hard but by no means easy. Learned a lot about new tools and services. I found user to be way harder than the actual root part. User involves many steps with multiple rabbitholes imho. Pm me if you need a nudge.

Hey guys, I'm stuck at d****.r*******.h**/v*. I researched re******/*.0 version, I got how it works (not too much) but couldn't find the right path. I tried “_ca*****” but nothing. Can someone help me with what the next step is?

Edit: Got User1 for now

Hi there,

Currently I’m in the /b… d******** and I am trying to get a shell running via a file rename but I get a lot of errors when I’m doing this… 404 not found. Am I doing something wrong? Can somebody give me a nudge in the right direction?

Have a good rest everybody…

Awesome box, thanks @thek!

Learned about a few new tools, scripts and services :mrgreen:

Rooted with shell.