Aragog

I thought this box would be a lot harder based on its rating. I probably wasted most of my time during privesc trying to figure out what to do with the login credential lol. Nice box for sure.

@gandalf8110 said:

@Malkinowns71 said:
the file found in that one place and the awesome Apache page haha.

No, there was a file via HTTP which relates to the netmask one.

How did you find the HTTP file? Dirbuster is not helping me anywhere, and the other one I got by using curl.

Same, I'm having the same issue. With dirb I only got 2 things, server_status and index.html. Can someone PM me? I have PMed some people but god, they take forever to reply back expect dude!!! Thank you

Hey, I got the other file as well by using dirbuster. Now I need to figure out how to use it.

Hey man, can you msg me the command line you used? Do you mean gobuster or dirb? Which did you use?

I was only able to get 2: index and server_status.

Try to use dirbuster with common extensions, and the other file you can find in one running service.

Hi all :smiley: . Can I get a nudge on privesc? Here’s my current status:

  1. Observed something being run every ** minutes
  2. Editing -l**.*** to get submitted data (so far, no meaningful result - )

I tried to:

  • drop a shell (always dies)
  • cp desired files (found out don’t have perm. atm)

:dizzy: :dizzy: :dizzy:

Hey, can someone give me a nudge or tips to get a shell? I managed to get the user flag but I cannot access a shell in order to privesc to root…

Hey there fellow future world leaders. I’ve managed to perform the aforementioned attack… did I use that word right? Anyway, I’m having a goose of a time trying to guess the location of user.txt, however I do have some ideas about priv esc. Scratch my back and I’ll tell my cat to scratch yours. Happy hunting!!

Well, if you have managed to get in via the exploit, where can you find out for sure what user accounts are on the system? Think of the common file location across all Linux systems.

@Rauxa said:
Hey, can someone give me a nudge or tips to get a shell? I managed to get the user flag but I cannot access a shell in order to privesc to root…

You might want to revisit your nmap results :slight_smile:

■■■■■ People talking to each other on the box broadcast messages xD

Whoever needs help, PM me.

I see lots of dudes stuck after finding DB information.
I can say: think about what you can edit. That blog is all yours, bro.
And try to understand the message in the blog. Think twice. Find what is happening on the box.
Connect these two dots that I’ve given and think about what you can do with them.
Remember: something is trying to do something, and you can do whatever you want to do something :slight_smile:

I will gladly help if someone needs it.
Just PM me.

Rooted … Nice Box … root was just sad. @sazouki thanks for the help <3

Hint for user :- Literally google everything you’ve found

Hint for Root:- Where else can you use the password?

This is doing my head in. It looks like a simple LFI, but what is the name of the vulnerable parameter?
Edit: Figured it out, was being stoopid. The LFI comments actually sent me in the wrong direction, it seems.

Hey, can I get to k…_…ts through Burp? I’m so close I can feel it.

I can’t believe it, I just got user and the box is retired.

@Monkey23 said:
I can’t believe it, I just got user and the box is retired.

I feel you man, I got user last night and have been stuck on priv esc; sucks, but so we learn.

Ya, it’s all good. Points are okay but learning is better. Anybody wanna team up on a box? I’m ready to start a new one.