Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:
stuck in the same place
Done and glad for it!
Two things to keep in mind for this box
-
You don’t need to bruteforce the zip file because the password is probably within the first 10 you should try manually
-
Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.
@gm0 said:
Done and glad for it!
- Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.
The thing is I know how perform the priv. esc. At least, I think. I found the vulnerable service and which protocol to use to reach it. And I’m stuck here. How use the zip file at this point ? I have read a lot the manual of clients for this protocol, but I can’t find the particular option. Please, give me a hint.
Is there anyone who can help me about poison machine ?
I don’t know if I’m on the right road. I’ve successfully gained a normal shell and unzipped the file. I checked for services and I think I found the one I need to use, I might be wrong though. However, it tells me that its unable to open display. Help?
@DarthVaper said:
stuck on unzipping - getting error: “event not found” when trying to unzip with password
Trying unzipping it with other tool.
Aight, got the user and root ! Learned a lot, nice one.
@xdaem00n think about security, you want to do it in a secure way.
@Ethic said:
@gm0 said:
Done and glad for it!
- Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.
The thing is I know how perform the priv. esc. At least, I think. I found the vulnerable service and which protocol to use to reach it. And I’m stuck here. How use the zip file at this point ? I have read a lot the manual of clients for this protocol, but I can’t find the particular option. Please, give me a hint.
I did it ! Finally ! I tried to use the wrong secret file, so it didn’t work well. I am a stupid guy.
@xdaem00n said:
I don’t know if I’m on the right road. I’ve successfully gained a normal shell and unzipped the file. I checked for services and I think I found the one I need to use, I might be wrong though. However, it tells me that its unable to open display. Help?
Think like a sysadmin. What a sysadmin, with security knowledge, would to do ?
@Ethic said:
Think like a sysadmin. What a sysadmin, with security knowledge, would to do ?
Finally, I solved it. It is not too difficult. @Ethic this tip is very useful for me, thanks.
@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:
This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?
@opanwar said:
@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?
Nope, will work on it now. Going to take a step back and enumerate more… maybe we missed something?!
Also tried log-injection but weren’t able to get a shell.
It’s also my second machine… Nibbles was easier
I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file…stuck:-(
@opanwar said:
@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?
@karelchajim said:
I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file…stuck:-(
Got the shell. Now an priv esc.
Thank you guys, already learned a lot.
If you still need a hint feel free to send me a message.
If anyone needs a helpful nudge, feel free to PM me with what you’ve done and where you’re at. Fun box!
I got user on this box but in spite of reading the threads here, and running linenum, I can’t get root. Anyone want to PM me a hint?
@resiliencia90 said:
@opanwar said:
@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?
Nope, will work on it now. Going to take a step back and enumerate more… maybe we missed something?!
Also tried log-injection but weren’t able to get a shell.
It’s also my second machine… Nibbles was easier
Ha, that was my first machine as well. I sent you a PM.
@n0bf said:
I got user on this box but in spite of reading the threads here, and running linenum, I can’t get root. Anyone want to PM me a hint?
Find answers to the following questions, and you should be on the right way.
What is a sysadmin ? What is his work ? How does he work ? How does he work securely ?
@Ethic give you a good hint but I would add.
Think like most sysadmin think"
In this thread @NanoByte said
This box is not about thinking outside the box, its about thinking about this person and >>how they use the box. If we start enumerating the box we find several interesting things. >>Maybe there is a service of note. Many of you have found this service but have found >>yourself not able to utilize it. Think about how the person who owns the box would >>utilize it? Maybe there are guides online that he followed to secure it the way its secured? >>I bet if you did some googles from the prospective of the user of the box trying to set it >>up you would figure out really fast."
This is a good hint !
-
How does one unzip the file on the machine? I don’t see an option for adding a password for unzip
-
If it can’t be unzipped on the machine how does one download the file? I tried scp but keep getting permission denied
Any hints?