Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
I'm at the end here... struggling to use the inspection tool against the interesting binary... a nudge in the right direction would be really appreciated
Edit: Rooted. Clearly was overthinking it. Thanks @TazWake and @N0tAC0p for the nudges!
Looking for help on the basics sadly, i am having a hard time bypassing this login page. Any nudges would be great. I would like to be better at burp suite and sql injection. Help, resources, and advice would be great for me to learn. I have googled quite a bit already and tried many things. Help on bypass please!
Looking for help on the basics sadly, i am having a hard time bypassing this login page. Any nudges would be great. I would like to be better at burp suite and sql injection. Help, resources, and advice would be great for me to learn. I have googled quite a bit already and tried many things. Help on bypass please!
If you google what you are trying to do there is a wealth of interesting articles which will help you.
Anything else is going to be flagged as a spoiler.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
User owned! Working on root.
It wasn't hard like it seems but cool, learned a few new useful things in the exploiting phases.
Owning user took me a certain time, please don't reset the box every time or use strong tools, burp,Hydra or other tools like that aren't needed.
Guys, Any hint on the user ? I got the foothold easy, I got a password that is useless - not sure how to crack the user t******* , appreciate any nudge please.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
I got the user flag but trying to use the same python script method to get root. seemed like my NC listener not responding. Appreciate if anyone can provide some hints?? thanks
So its been two days i am stuck at root. I read the comments but cant figure it out. I think i never seen this method or i am having a bad time with this machine. Any nudge?
I figured out! Thanks everyone for there comments.
Comments
Anyone for a nudge?
Spoiler Removed
@mrshershulya said:
Do you have a proper shell? When you say "su doesn't work" - do you mean it rejects the password or generates an error message?
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
@TazWake, I spawned shell, It writes "su: Authentication failure"
@mrshershulya said:
Ok, you might have the wrong password for the user you are trying. If you need/want more detail you will need to DM.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Gosh... Is there anyone I can get help with f****? I keep running an error on the p****** that is running on f**** this is for root
Damn... Finally rooted this box heck I am breaking out in sweat for the root.
Nice box. This would be a good OSCP prep box. I think there are a couple slightly different ways to get the initial foothold.
Could someone PM me for user account? I've found m**** creds and been stuck on w********* shell...
I'm at the end here... struggling to use the inspection tool against the interesting binary... a nudge in the right direction would be really appreciated
Edit: Rooted. Clearly was overthinking it. Thanks @TazWake and @N0tAC0p for the nudges!
Looking for help on the basics sadly, i am having a hard time bypassing this login page. Any nudges would be great. I would like to be better at burp suite and sql injection. Help, resources, and advice would be great for me to learn. I have googled quite a bit already and tried many things. Help on bypass please!
@JitB said:
If you google what you are trying to do there is a wealth of interesting articles which will help you.
Anything else is going to be flagged as a spoiler.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Rooted .. Amazing box.. DM for nudges.
It wasn't hard like it seems but cool, learned a few new useful things in the exploiting phases.
Owning user took me a certain time, please don't reset the box every time or use strong tools, burp,Hydra or other tools like that aren't needed.
If you need a little hint PM me.
Im stuck as w**-***a any help getting to user t*?
Rooted! Very fun box, and according to some comments very OSCP-like so I've taken extra notes.
Foothold:
User
Root
PM me if anyone needs any help!
Guys, Any hint on the user ? I got the foothold easy, I got a password that is useless - not sure how to crack the user t******* , appreciate any nudge please.
Rooted Finally! Big thanks to @TazWake and @roumy for helping in the final step! Feel free to ping for any help!
Anyone had this error when trying to SSH @10.10.10.185: Permission denied (publickey).
@wooly13 said:
Looking at it, it seems to imply you haven't used the correct public key to correct and key based authentication is enforced.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Type your comment> @wooly13 said:
That's not an error (if you don't have your key on this machine already). Try another way to log in.
Just rooted. It was a really good and fun one. It wasn't hard, but I've learned a bit, and spent lots of time in a rabbit hole.
Rooted finally,
Nice box!
Initial foothold:
1- "bypass login page"
2- trick the system
User:
enumerate files, try to login and export data
Root:
Interesting file, how can you execute the commands in another context?
Finally rooted this sucker!
Hint for root : If you can't find the right path, create your own path with necessary ingredients and then you get shell shelll shell.....
Learned a lot. Thanks @TazWake @FunkyMcBeef and @disastrpc for nudges.
PM me if you need any nudges.
Type your comment> @idonthack said:
What is your doubt? PM me, if you want some help
So its been two days i am stuck at root. I read the comments but cant figure it out. I think i never seen this method or i am having a bad time with this machine. Any nudge?
I figured out! Thanks everyone for there comments.
I was stuck on creating the damn thing one way and the simplest way worked
I'm stuck at user. Dunno how to play with upload. Please DM me.
Rooted! Feel free to DM me if you need a hint
-------- xOkami --------