Anyone find the intended way? I have access and got user, but stuck on root.
I’m in the same boat @Magavolt . It kinda sucks that many were able to get an easy 50 pts for this, but nobody even seems to know what the intended method was. It makes the box lose a lot when it comes to enjoyability. I’ll keep at it until I get it the correct way though.
found the two creds, the higher UDP port, and the service bindend on localhost (so unable to contact…).
Any hint at this point?
Do I need to brute force login or do I have to just find location where this credentials are?
Has anyone solved the root privilege escalation after it has been patched?
Can anyone spare a hint on the second login? Nothing I’ve tried seems to be working. Also found another page, but it doesn’t give any output with anything I do to it.
@cdf123 said:
Can anyone spare a hint on the second login? Nothing I’ve tried seems to be working. Also found another page, but it doesn’t give any output with anything I do to it.
If nothing works, back to basics and try common username
HINT: Once you learn how to login, you start to assume some things. These assumptions will have you at a roadblock when you shouldn’t be. There is mischief going on, remember? Things won’t always be the way you think even if they once were. I hope this helps without spoiling.
I’m still working on priv esc, but I’m sure the same rules apply, lol.
@blackhood said:
HINT: Once you learn how to login, you start to assume some things. These assumptions will have you at a roadblock when you shouldn’t be. There is mischief going on, remember? Things won’t always be the way you think even if they once were. I hope this helps without spoiling.I’m still working on priv esc, but I’m sure the same rules apply, lol.
Got the root. It is really a mischievous god/machine
Holy effing smokes batman!!! This ■■■■ box is one long F*xx around. ■■■ this was stupid and horrible and really fuxx up. I loved every freaking second of it! This box was epic!! Thanks @trickster0 !! That name definitely fits. You’re a ■■■■, but I owe you a drink for this one. I hope a respect will do. Well done my friend!!
Someone mentioned ippsec’s video walkthrough of one box that is similar to this. Can anyone give me a link where this video resides?
@Higgsx said:
Someone mentioned ippsec’s video walkthrough of one box that is similar to this. Can anyone give me a link where this video resides?
That was an unintended method and has been patched.
I enumerated one UDP port,extracted some information but nothing interesting has been found. found creds, found picture but I can’t go further. I checked everything I think. Scanned full TCP/UDP ports nothing more interesting ports shows up. Can anyone give me a little advice how to go further? I tried stego but as I guess there isn’t stego stuff to do.
@Higgsx said:
I enumerated one UDP port,extracted some information but nothing interesting has been found. found creds, found picture but I can’t go further. I checked everything I think. Scanned full TCP/UDP ports nothing more interesting ports shows up. Can anyone give me a little advice how to go further? I tried stego but as I guess there isn’t stego stuff to do.
I see multiple TCP/UDP ports, 1 login page, I’ve performed a walk and I’m stuck. Can anyone give me a kick in right direction.
I got access to the other login page, but can’t seem to bypass it- - tried everything from brute force login to trying to look for other pages. Would appreciate a hint to move in the right direction
nvm got it
As a general rule for bruteforcing things, don’t just use stock word lists. Keep a tailored one for your target. When you find something on your target, add it to your list. e.g. If you find a user account, add it to your user word list.
I have problem with s**o
My I please a hint? or better discuss…
@smjogi said:
I have problem with s**o
My I please a hint? or better discuss…
enumerate more
There is a linux command that will help you a lot to figure out what is going on.
Just when you think you have it and then nope.
I have question that people will understand who did root access to mischief box.
Do I need to know password of [SPOILER] user?
[SPOILER DELETE]