And rooted. Very interesting box, but needs more testing; shell was impossible to drop half the time, and if someone killed ******.exe then it was a reset
Initial access: Enumerate the site to understand how the frontend affects the backend. Don't be afraid to wait a while if it doesn't work immediately.
Shell: If a tool doesn't exist, put it there
Privesc: Once you find the interesting process, the two stages in it are fairly simple variations of things you should be familiar with.
Comments
Trying to find the way in is not easy, but.. I'm keeping calm and Hackuna Matata
Hint please?
I got some creds but idk where to place them
Hi all,
I'm one of the creators of the box. Once you managed to obtain system privileges, then I'd like you to PM me how you did it as I'm very interested in how you guys found your way with the box.
Just like my previous machine (Teacher) I'm taking the feedback as input for future machines. So, don't be hesitant on giving your honest opinion.
Good luck!
Hi Gio! Thank you for your hint.
I found my way and rooted it immediately after reading your welcome post here.
and thank you for very interesting and very realistic box!))
I think I may have my path to get an initial foothold, but stuck on how to encode...
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
Anyone has any hints for user?
Enumerated a bit and found the user and password are getting base64 encoded while you have the ability to send money and you already know your ID - this way you could send money to users and confirm if they exist, but I'm not sure about that - a hint would be nice - So I thought of ID hopping and getting information this way
Not sure about anything yet
Python Expert
Github:
https://github.com/J3wker?tab=repositories
@j3wker said:
I am also still working on getting a foothold on user. I too have noted how id can be enumerated given how authentication is performed in user pages. After much busting'n'fuzzing I am not (yet?) seeing how admin pages can be accessed and given one of the js files would seem to be necessary for host user foothold. (Hope not too vague but not spoiler here.)
Already done it
Trying to get the next step now
Still messing with it... I can almost smell a password...
"ClickmedotEXE"

CISSP | OSCP
Rooted. Not sure why this was rated a 50 pt box... personally found all the current 40 pt boxes harder than this one.
Hints for user: reminded me of some OSCP boxes. Think client-side and chaining together some web app vulns.
Hints for root: The thing to exploit will be pretty clear and a variation of what worked for user will work here too.
PM for hints.
Rooted:
User: Client side thinking
Root: Enumerate normally, when you find it, "write a lot"
Got user, and was on the path to root when shell dropped and won't come back. This box is very temperamental.
Got user now on the way to being root
For user I'm stuck on b*****************p. ::1 is killing me.
@iliketacos said:
I was also stuck on the same thing for a whole day. It can be bypassed. Try locally first
@mpzz said:
Did you mean can or can't?
@ijwbah said:
can. It can be bypassed, it's not a rabbit hole
@mpzz can I PM you?
Is anyone else having huge difficulties getting their shell to pop? Sometimes it's instant, other times it will take up to an hour
@clubby789 said:
Same here.... I don't know why.
Spoiler Removed
Pretty good box, but the initial access using the web app is often unresponsive or even takes longer than the stated timeframe
Wasted a lot of time on root because of this:
Hint for root: Once you see the odd thing, forward everything to you. It's enough to interact with that, no need to see the code.
Hope that helps
Thank you for the box, she is great. Rooted !
@0xskywalker said:
+1. Wasted a lot of time because of this. It's completely unresponsive at the time of writing. My payload worked only 1 time out of 20. And I'm on VIP.
Edit: NVM, I reset the box and got it.
Stuck on the initial foothold. Nothing seems to work. I waited, tried different things but still nothing. Any hints please?
Rooted! Was a very, very nice box!!
pretty bad box so far