Poison


Comments

  • edited August 2018

    Hi!
    Can anyone DM me? I think I'm very close. I have identified the service and unzipped the file, but I can't get both of them to work.

    Thanks in advance

  • Something was wrong in the box.
    After reset it works.
    Rooted :)

  • if you type rm -f root.txt, you're a c*nt

  • Was having a lot of issues right at the end (grey screen) - if this happens, just issue a reset and it'll work.

    Great box

    jamesa

  • Got LFI and reverse connection from the box, but I am not able to get a reverse shell as it filters out " /". Am I on the right path?

  • I just got root on this box now. And I can absolutely agree that trying to bruteforce your way through is a waste of time. Take your time, REALLY read all the help docs/dialogs for the vulnerable services. RTFM is your best friend on this box.

    Knowledge over Tools, boys and girls. Remember that and you'll win the day.

    Also, props to Charix for a fun af challenge!

    BoxingOctopus

    "To secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." -- Sun Tzu, The Art of War, 4:2

  • I got the password file but don't know how to use it.
    Should I decode it, or can it be used in another way?

  • @voidhofer said:
    Hi guys!

    I got the user.txt and now I am working on the privesc part. Already found the service, managed to set up a tunnel, but I have no idea about the pass I should be using for the connection. Tried the ssh pass already, did not work for me. Unzipped the secret, but it's not readable by humans... Am I missing something? Need help!

    Can you help me in getting user?

  • @dreadnaught said:
    Ok, I have the decoded password. I've tried to ssh with www, poison, and a few other random usernames with no luck. Am I at least on the right track to getting in?

    Could you give me a hint on decoding the password?

  • Got the user.txt, now moving to privesc.
    Note: Don't use Burp decoder

  • I don't know how to get user. I got a pass, I know what service I must target, but can someone give me a hint?

  • I got user but I'm stuck on the second part. Unzipped the file but I'm missing how to enumerate the machine. DMs would be appreciated

  • @lopseg said:
    I don't know how to get user. I got a pass, I know what service I must target, but can someone give me a hint?

    It's in the password

  • edited August 2018

    @HackingSnake said:
    I got user but I'm stuck on the second part. Unzipped the file but I'm missing how to enumerate the machine. DMs would be appreciated

    Double-check the running services, one that can help you privesc with the help of that file. man CommandName will come in handy to figure out how to use that file over that command/service.

  • @Rayhan0x01 said:

    @HackingSnake said:
    I got user but I'm stuck on the second part. Unzipped the file but I'm missing how to enumerate the machine. DMs would be appreciated

    Double-check the running services, one that can help you privesc with the help of that file. man CommandName will come in handy to figure out how to use that file over that command/service.

    Thanks, found the file, can cat it but can't copy-paste lol

  • I feel like I'm close but could use a nudge.. user - check, file unzipped - check, ***** tunnel over ***** - close! so f'ing close. Any help would be appreciated.

  • maybe ******* and zip are related. uuuudddduh how can that be? MAN if only there was a way to know how.

  • can someone please give me a hint?

    I decoded secrets .zip but can't make sense of the content.

  • Had a lot of fun on this so far, and a lot of help from these forums - just wondering after getting the contents of a certain compressed boyo, any hints as to what to do next? The ps and top commands did not help me.

  • Update: had a reverse shell going but didn't realise (it was in another window!) and so I unwittingly ended the connection and now the exploit won't work! :)

  • @KuroSaru said:
    maybe ******* and zip are related. uuuudddduh how can that be? MAN if only there was a way to know how.

    I get the relationship, I'm past that point or missing an element of that point. Without trying to give anything away, I have a *** (the non-cli kind) connection and get a blank screen.

  • Hi, I'm stuck with the .zip file. If anyone could give me a hint on what to do with it DM me.

  • @FeetBeets said:
    Hi, I'm stuck with the .zip file. If anyone could give me a hint on what to do with it DM me.

    Everything you need is in this thread ;)... Enumerate from inside and you will find your way.

  • Can someone PM how to root this thing? I don't have any idea how to deal with that ******.zip

  • Is the grey screen a fault? Or am I not doing something right?

  • Please, how do I copy the zip file to my local machine?

  • @Afolic said:
    Please, how do I copy the zip file to my local machine?

    Find how a file can be copied remotely.

  • edited August 2018

    Rooted! I didn't know I could connect that way :^)

  • I recommend everyone to review the thread of the forum. Your questions have already been answered before. All hints are here.

  • Finally got root after wasting far too much time on the zip file

    Send me a PM if you need some help.
