Swagshop

Discussion Starting Point


Comments

  • I'll just be sitting here praying this is another OSCP-like box (this guy has a great track record) and not another CTF "guess the box" shitfest like we've seen waaaaay too often recently. ~1hr to go!

  • Let's get it guys! I'm excited.

  • On free I can't even run a gobuster... I guess I'll wait... :/

  • anyone know if /js thing has anything to do with it

  • found a key and a password, not sure if it's troll

  • @gokuKaioKen said:

    found a key and a password, not sure if it's troll

    same here, in config files?

  • Service Temporarily Unavailable, on index.php anyone else getting that

  • lol it's nuked

  • edited May 11

    Well I'm stuck, right after getting assumed creds and having the admin login panel. Guess I'll wait/research until some hints pop up :))

    Hack The Box

  • Has anyone found valid admin credentials? Hydra found two but they're both wrong, also I too found mysql root creds and some weird crypto key

  • Well, I found 2 admin session IDs but none of them work
  • @Informatiger said:

    Has anyone found valid admin credentials? Hydra found two but they're both wrong, also I too found mysql root creds and some weird crypto key

    I think the pass is encrypted and can be decrypted using that key but I don't know the syntax.

  • edited May 12
  • Any nudge on from people who already got user on how to decrypt the m****** pass?


  • rooted.
    hint for root: don't overthink it, it's obvious after basic enum


  • @AndreiPintea said:
    Any nudge on from people who already got user on how to decrypt the m****** pass?

    pm me


  • edited May 11
  • edited May 11

    Great box :) Glad I had opportunity to get familiar with pwning Magento :)
    User: not every password is a swag, make yours :)
    Root: basic enumeration and understanding of Linux system

    If you appreciate my help, please give +1 respect :)
    https://www.hackthebox.eu/home/users/profile/76469

  • Is the box supposed to show a 503 right off the bat? I would assume it's supposedly "misconfigured"

  • I guess the box is down at the moment. Can't play anymore in the admin control panel


  • Yup now tired with getting 503 and Playing.
    Going to bed


  • Legit easiest root ever, took me about a minute :smiley:

  • rooted .... very easy and straightforward box

  • User took a couple hours cause people feel the need to put their backdoors on the index.php and hose the box in the process, causing a reset every few minutes. I hate you if you did that. Just sayin.

    Got a shell, ran Linux Smart Enum and popped root in about two minutes. Waaaaaaaaaay too easy, IMO.

    Decent box, though. Just wish people (even on VIP) would quit ruining it for everyone around them.

  • Anyone have an idea, why the script always ends with "DID NOT WORK" ?

    Summa scientia, nihil scire.

  • Rooted. Cool machine :)

  • Easy root )Thx for box! ) Love it

  • Any hint on how to decrypt the M****** password?

  • Any hint what to do after login into m*****o as admin?
