Registry

Spoiler Removed

@bluealder said:

I feel I’m so close to root, trying to exploit the rc command but find a way to either exec code or connect to my local rest-rc server hmmmmmmm

Depends on how “local” your r****c server is :slight_smile:

Got root, but I don’t think it was the intended way :confused:

Pushed at root for a while, found a few possible entry points, but eventually I gave up and used the unintended method. If anyone can give me a hint for the proper one, I’d be very interested!

do not try to crack anything user wise use grep and look forensics wise at your d*r p and when u overlay to something useful you will see the mess of the ctf like setup he talks about

Any hint on user where should i look next, got a file lat*** with hashes and got the _c***** name … don’t know how to proceed from there!

I got root in the right way, now I’m satisfied.
Thank you for the box @thek, nice one.

Got root both ways now, great box I liked it a lot!

@gall0ws @bluealder I’m so glad you liked it :wink:

Rooted, thanks @gall0ws for nudges. Fun box, difficult but doable. Good work @thek. Am curious if this can be exploited to get root shell or just read the flag? I did the latter. EDIT: nvm, I wasn’t looking closely enough.

User:
Enumeration leads you to a new sub. There’s more than meets the eye here; google it. Once you have it, make sure history isn’t doomed to repeat itself.

User2:
Basic enumeration and some elbow grease should give you what you need.

Root:
Look for what stands out in basic enum, read through the files and the commands you’re able to execute which maybe you shouldn’t. Google from there.

@east You’ll get the root shell if you don’t aim just at the flag.

anyone message me. how i can get a shell… i stuck in dirb…

  • Rooted. Thanks to the creator of the box. @thek

Rooted very fun box.

User part it very fun in this forum has enoung hint.
Root part take your time to understand , What you can do.

We can got root 2 methods.
Very easy and hard but not much.

Manual document is the best friend.

Trick : root shell it has a little bug just look carefully.

Rooted.

First hard box. I guess i did root it the intended way? It seemed like it, can someone pm me what the other method is? Just curious.

For user much thanks to @backslasht for a the hint :slight_smile:

A little CTF like, but had fun all the way! Thanks @thek ! :slight_smile:

Could someone give me a nudge? I have found a hash inside a file, but struggling to find the salt that corresponds to the hash. Is that even the right way?

Type your comment> @idomino said:

Could someone give me a nudge? I have found a hash inside a file, but struggling to find the salt that corresponds to the hash. Is that even the right way?

I got the plain text from it, but to be honest with you, I just wasted time there. You can own the machine without using B***t.

I can’t really get a hold of this machine, I found some dirs, a domain (with d****r), and a web app but I’m clueless as to how to proceed further.

EDIT:
Managed to get a cert file. Needing a key (i think).

Can anyone pm me a hint for root. Tons of enumeration but not seeing it.

did the box just got patched?? The way i did root, does not work anymore. But that was the fun part :frowning: