I'll just be sitting here praying this is another OSCP-like box (this guy has a great track record) and not another CTF "guess the box" shitfest like we've seen waaaaay too often recently. ~1hr to go!
Great box Glad I had opportunity to get familiar with pwning Magento
User: not every password is a swag, make yours
Root: basic enumeration and understanding of Linux system
User took a couple hours cause people feel the need to put their backdoors on the index.php and hose the box in the process, causing a reset every few minutes. I hate you if you did that. Just sayin.
Got a shell, ran Linux Smart Enum and popped root in about two minutes. Waaaaaaaaaay too easy, IMO.
Decent box, though. Just wish people (even on VIP) would quit ruining it for everyone around them.
Comments
I'll just be sitting here praying this is another OSCP-like box (this guy has a great track record) and not another CTF "guess the box" shitfest like we've seen waaaaay too often recently. ~1hr to go!
Let's get it guys! Im excited.
On free i can't even run a gobuster..i guess i'll wait....:/
anyone know if /js thing has anything to do with it
found a key and a password, not sure if its troll
Type your comment> @gokuKaioKen said:
same here, in config files?
@EmmaSamms .... right
Service Temporarily Unavailable, on index.php anyone else getting that
lol its nuked
Well I'm stuck, right after getting assumed creds and having the admin login panel. Guess I'll wait/research until some hints pop up
)
Has anyone found valid admin credentials? Hydra found two but they're both wrong, also I too found mysql root creds and some weird crypo key
Type your comment> @Informatiger said:
i think the pass is encryped and can be decrypted using that key but i dont know the syntax.
Spoiler Removed
N1Z4M B1N MUH4MM3D
Security researcher From God's own country
Any nudge on from people who already got user on how to decrypt the m****** pass?
rooted.
hint for root: don't overthink it, it's obvious after basic enum
pm me
N1Z4M B1N MUH4MM3D
Security researcher From God's own country
Great box
Glad I had opportunity to get familiar with pwning Magento 

User: not every password is a swag, make yours
Root: basic enumeration and understanding of Linux system
If you appreciate my help, please give +1 respect
https://www.hackthebox.eu/home/users/profile/76469
Is the box supposed to show a 503 right off the bat? I would assume it's supposedly "misconfigured"
I guess the box is down at the moment. Can't play anymore in the admin control panel
Yup now tired with getting 503 and Playing.
Going to bed
Legit easiest root ever, took me about a minute
rooted .... very easy and straightforward box
User took a couple hours cause people feel the need to put their backdoors on the
index.php
and hose the box in the process, causing a reset every few minutes. I hate you if you did that. Just sayin.Got a shell, ran Linux Smart Enum and popped root in about two minutes. Waaaaaaaaaay too easy, IMO.
Decent box, though. Just wish people (even on VIP) would quit ruining it for everyone around them.
Anyone have an idea, why the script always ends with "DID NOT WORK" ?
Summa scientia, nihil scire.
Rooted. Cool machine
Easy root )Thx for box! ) Love it
Any hint on how to decrypt the M****** password?
Any hint what to do after login into m*****o as admin?