For people having problems/getting nothing after getting creds : yeah they can be useful somewhere but you must enumerate and read some files to better understand where you can use them . You should wonder why there are creds here and for what they are needed/supposed to do
Sorry if I say too much, it's my first time giving my opinion and advice here xD
Initial: Fastest foothold I've ever got. 2 steps to get an easy shell.
User: Read files carefully, ignore rabbit holes and RTFM.
Root: You should spot the method fast, try it locally to understand how to make it work.
GCIH | GCIA
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Finally.
Foothold: DDoS? Really? Check the description before run something!
User: check that same place where you've found those creds. Make yourself familiar with capabilities of the service and ask yourself what permissions should you have to view that content.
Root: was mindblowing for me. It's right in front of your eyes once you logged in, but you just cannot violate args. Fortunately, there is a way to substitute one thing with another and use the same command to get a shell
Finally got user thanks to @D3Fix and @olsv . As always something stupid i missed, also found cheetsheet and read it and found another way to get there. funny
Still stucked with the credentials found/cracked. I have viewed all the files contents within the n*****o directory for additional information/hints but I did not find anything suspicious.
Anyone who can PM for a nudge into the right direction? Thnx
Thanks to @YaSsInE rooted it, i understood that i need somehow to stop it.... but never thought this way..... Funny machine... learned quite a lot from rooting.
Hints for user :
-Once you are in, read the manual. Read it till you find something interesting.
Hints for root :
-The answer is in front of you the moment you get user. I went down a rabbit hole and I can understand why people might overthink it, even despite checking GTFO Bins. You need a little trick not so obvious.
User: The first obvious thing you'll find is probably not what you need; Read the contents of the files in the n****** directory and you'll get there...
Root: Find an obvious file for your way to root. It took me unnesasary time because of a less thing.....
Comments
Got user.
For people having problems/getting nothing after getting creds : yeah they can be useful somewhere but you must enumerate and read some files to better understand where you can use them
. You should wonder why there are creds here and for what they are needed/supposed to do
Sorry if I say too much, it's my first time giving my opinion and advice here xD
PM if needed
Got user now too.
Go going for root... but didn't found anything yet. Can someone PM me a nudge?
Silence, i'll hack you!! ;-)
rooted
PM for nuggets
Initial: Fastest foothold I've ever got. 2 steps to get an easy shell.
User: Read files carefully, ignore rabbit holes and RTFM.
Root: You should spot the method fast, try it locally to understand how to make it work.
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
Spoiler Removed
Silence, i'll hack you!! ;-)
Finally.
Foothold: DDoS? Really? Check the description before run something!
User: check that same place where you've found those creds. Make yourself familiar with capabilities of the service and ask yourself what permissions should you have to view that content.
Root: was mindblowing for me. It's right in front of your eyes once you logged in, but you just cannot violate args. Fortunately, there is a way to substitute one thing with another and use the same command to get a shell
I'm a bit stuck... I've found the place mentioned in the interesting file, just can't find anything further, not sure what to do with the creds...
Type your comment> @benhulatt said:
if you cannot see something it doesn't mean it not exist
Rooted.
Feel free to PM.
Type your comment> @olsv said:
took a moment to understand what you mean, figured it out now, thank you for the tip!
Finally got user thanks to @D3Fix and @olsv . As always something stupid i missed, also found cheetsheet and read it and found another way to get there. funny
got root, it was fun.
rooted!
Much thanks to @rholas and @idomino when I was stuck at user.
Null | Nada- | Zip | Diddly | Zilch+
For people struggling with root. remember its not always a good idea to maximize ur screen
Got a low priv shell, could someone help me with user?
btw box goes down likely due to people running the wrong CVE since there's one for dos
hint for user:
enumerate... enumerate... enumerate...
don't brute-force ssh...
for root:
GTFOBins is your friend...
PM me if you need help
Spoiler Removed
Rooted.
Thanks @jkr for the fun box!
Feel free to PM if you need hints.
Someone's tip helped me)))
Still stucked with the credentials found/cracked. I have viewed all the files contents within the n*****o directory for additional information/hints but I did not find anything suspicious.
Anyone who can PM for a nudge into the right direction? Thnx
EDIT: Thanks @YaSsInE for the nudge!!
This was fun. Owning user was a bit tricky at first but looking back it was a rather straightforward process.
Feel free to PM me for help!
PM me on Discord: t0thkr1s#0880
Thanks to @YaSsInE rooted it, i understood that i need somehow to stop it.... but never thought this way..... Funny machine... learned quite a lot from rooting.
Hints for user :
-Once you are in, read the manual. Read it till you find something interesting.
Hints for root :
-The answer is in front of you the moment you get user. I went down a rabbit hole and I can understand why people might overthink it, even despite checking GTFO Bins. You need a little trick not so obvious.
Rooted this box!!
Thanks to my fellow countryman @ToneDef
Rooted! Once the port issues settled down it was a fun box! Thank you @jkr!
Tips:
Foothold: read other comments posted here, enumerate and you are in
User: Ditto, read the manual, understand how things works and are set up this will point you to where you need to go
Root: GTFO Bins and just seeing what is right there is all you need.
General advice: keep it simple, enumerate, read, google, take stock of what you have (often right in front of you).
View my Profile
Rooted :P
For the user you should read a config file and the manual of the service, only the thing that matters.
For root, Swagshop's root had almost the same approach as this one.
If you need help with the boxes, pm me on Discord, zaBogdan#3458, I always forget to respond on form