Hint for Waldo

Well someone's got to post it ;-) It's been over 12 hours. Where's Waldo ?

m0noc

Tagged:
«13456719

Comments

  • edited August 5

    ^^

    xMagass

  • I found Waldo... where the fuck is root?????

  • I feel like i'm being extra stupid on this one...

    Bear

    If you ask for help, show your workings and what you've tried or I won't reply.

  • @Bear said:
    I feel like i'm being extra stupid on this one...

    me too :-)

    mrf1sh

  • Stuck on priv esc. Didn't find any possible path. One thing that makes me think is second interface. Am I on a correct path?

  • Am I on the right path with the logmanager ?

    xMagass

  • Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

    heigou

  • @HeiGou - \/\/hat have you tried so far?

    Bear

    If you ask for help, show your workings and what you've tried or I won't reply.

  • pls stop resetting the box ;(

  • @Bear said:
    I feel like i'm being extra stupid on this one...

    ^^
    My feelings exactly. There's not much to this box, yet, can't get root.

  • @HeiGou said:
    Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

    same any hint :)

    Arrexel

  • I'd appreciate it if anyone could include me on any privesc from M*****r to root

  • edited August 5

    Nevermind , got root ^^

    xMagass

  • Yea, feeling the headache on the privesc from the M account...

    Bear

    If you ask for help, show your workings and what you've tried or I won't reply.

  • @HeiGou said:
    Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

    Need help as well. I found some interesting things in the .js file and I'm able to use them but I'm not very good with java so I can't understand how to exploit them.

    I found Waldo in the background image though, so that's a plus.

    Elio

  • @elio said:

    @HeiGou said:
    Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

    Need help as well. I found some interesting things in the .js file and I'm able to use them but I'm not very good with java so I can't understand how to exploit them.

    I found Waldo in the background image though, so that's a plus.

    First is not Java, is JavaScript and second you don't need to know anything about java or JavaScript to get anything.
    You don't even need the javascript files.
    If you could use a proxy to see what is going when you add a new list or an item to the list....

  • @Relwarc17 said:

    @elio said:

    @HeiGou said:
    Anytips for the initial foot hold. I think it is an injection attack but I cant figure it out

    Need help as well. I found some interesting things in the .js file and I'm able to use them but I'm not very good with java so I can't understand how to exploit them.

    I found Waldo in the background image though, so that's a plus.

    First is not Java, is JavaScript and second you don't need to know anything about java or JavaScript to get anything.
    You don't even need the javascript files.
    If you could use a proxy to see what is going when you add a new list or an item to the list....

    True, it's JavaScript. My bad. I'm using Burp anyway, and the request the site makes is defined in the script, so I got it from there.

    Elio

  • Hi. I can read files from www/html folder, list dirs and and write files, but I cant find a way to read other system files or write a file with an extension. Not so good with php, any hints?
  • @pkneca said:
    Hi. I can read files from www/html folder, list dirs and and write files, but I cant find a way to read other system files or write a file with an extension. Not so good with php, any hints?

    same..any hints?

  • read source, see what's happening and try to bypass it ;)

  • @etz21 said:

    @pkneca said:
    Hi. I can read files from www/html folder, list dirs and and write files, but I cant find a way to read other system files or write a file with an extension. Not so good with php, any hints?

    same..any hints?

    What can I say?
    Enumerate more ;)

    You can PM me for hint but only on mm or direct htb message.

  • I hate this machine and love it at the same time...better light the black candles and draw the <?php pentagram on the floor lol

  • edited August 6

    I am stuck at prev esc , logged as M**(($(#$$ but nothing else

  • Been reading the php files trying to find a way to exploit them but not really seeing a way.. can someone help out?

  • edited August 6

    Able to read some system files ... I see people using a M****** account , but i got nothing like M***** in "Home" Directory or "passwd". Someone could give me an hint about it ?

    Edit : Nevermind, found The guy :)

    CrazyFragzzz

  • Getting in is just about reading comprehension. Don't just look at the text, read it.

  • edited August 6

    Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

  • I managed to read the files in the directory and might use 1 file to proceed but I seem to be stuck because of a certain filter (?) Could anyone give me a nudge?

    Vex20k

  • edited August 6

    SUID or not to be SUID? Privesc Hint Hint.

    Frey

  • Fighting with OpenSSL format .... Can someone give me a nudge in PM for Private key good formating ?

    CrazyFragzzz

Sign In or Register to comment.