@elyst said:
I’ve got the file from the zip and I know what service to use. I just can’t figure out what to do with the file. I tried to SSH using this service but always get rejected. Anyone have a tip on this matter? Would really appreciate it!
You have to analyze the whole sentence from enumerating the box. That should be a crucial key in helping you! Also, make sure you read and bear in mind the possible options that you will need to use in the future!
Okay so I’m connected via ssh and I’ve tried the LinEnum script.
I have also run “strings secret.zip”, I don’t know if the result contains a password…
I have run nmap and discovered some ports but “File not found”… Can I have some hints pls?
Got usr, and I’m able to get eyes on the machine… however still as usr. Any hint on how to get root? I did read the article provided in the hints but it doesn’t get me much further.
How can I PM Charix (the creator of the box) in this forum? It’s urgent.
EDIT: not so urgent, the box had an unintended way of getting root which was in some kind of history file
@masterrabbit said:
Can anyone give me a hint to start with, my 2nd box ever and just need a nudge in the right direction.
Go to the webpage, read the outputs of the scripts (look for something obvious in one of them). After that, come here, read through these pages and research the hints others have given.
Yeah, tried that, still lost… I know it’s some form of LFI, however none of my attempts to inject a nc shell are working…
There is the hidden file that is encoded but I don’t know what to do with that.
Finally! Got root! Third box, yay! I love those boxes where there’s not really an exploit or bruteforcing, solving the puzzles is way more satisfying. I prefer elegant solutions using only shell commands rather than using metasploit and other complicated tools.
Feel free to PM me for hints!
I kind of feel so dumb right now… still didn’t get the first access; although found the LFI and the encoded pass… but didn’t really know what to do… please some help
Using LFI you have the ability to view some important OS file; also, the password is encrypted using a reversible algo. You can start from here…
Thanks for the answer,
I’m actually stuck in there… the decryption of the secret… what algo…
Is it complicated or am I really overthinking it!!!