Mischeif

@xMrR0b0t said:

@pzylence said:
for those who are stuck where to go after getting first login page:

if [SPOILER]. then rest is how you enumerate.

I think that it is a major spoilerā€¦ When there is too much info from enumeration and the comments here.

Is saying something is a spoiler even more of a spoiler since it confirms the spoiling?
ā€œThe Spoils of the spoiler can not be his by rightā€
-Dante Alighieri, Divine Comedy Canto XIII Ln 105

@Rantrel said:

@xMrR0b0t said:

@pzylence said:
for those who are stuck where to go after getting first login page:

if [SPOILER]. then rest is how you enumerate.

I think that it is a major spoilerā€¦ When there is too much info from enumeration and the comments here.

Is saying something is a spoiler even more of a spoiler since it confirms the spoiling?
ā€œThe Spoils of the spoiler can not be his by rightā€
-Dante Alighieri, Divine Comedy Canto XIII Ln 105

Love the quote! <3

Just rooted this thing!!! for everyone stuck at priv escalation, you are looking in the wrong place. if you need any help PM me :slight_smile:

Yeah Iā€™m deep in a hole on this one. Too far in to explain here, Would love a PM from someone who has root so I can explain where I am at.

UPDATE: trickster0 is a freaking Sadistā€¦ and I love him for it.
Got root, AMAZING box, Lots of face bashing, learned a lot, so many well put together layers.

Thanks @xephrox for the push, Owe you a beer.

I think iā€™m missing something after logging in to the first page. Iā€™ve found something else that I think might be a key but it doesnā€™t work for me, it may be that my calculations are wrong or iā€™m just going in the wrong direction.

If someone could kindly PM me so i could ask a couple of questions iā€™d be thankful!

Hi all, like other users I am stuck at the second login page. I pretty much tried everything basic, so I think I am sticking to the basics :slight_smile: Anyone wants to exchange ideas with me in PM?

hi i am stuck on privesc, ive tested all usual method and looked at local services also, can someone PM me a nudge in the right direction

@pzylence said:

@kecebong said:
Iā€™m stuck at web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Anyone can shed some lights whatā€™s the next step?
Thank you

Enumerate!

Enumerate!Enumerate!Enumerate!Enumerate!Enumerate!Enumerate!

90% of the job lol Thanks @pzylence

Hi. Anyone able to help with intended way to priv esc on this box. Please PM me.

Ugh, still trying to get initial foothold myself. Mustā€¦enumerateā€¦harder!

Nice box, really does have some twists and turns. Great job @trickster0.

Rooted. Whew. Good box @trickster0

can I pm someone, i need to ask something about snmp. I already found 2nd login page, but seems I need to enumerate more on snmp.

Hi guys any hints, iā€™m conneted to Ap**** via ipv* but lo** credentials are not wokirng

Do i need bruteforicing with this box?

@mcruz said:
Do i need bruteforicing with this box?

No need to bruteforce. Just logic and enumeration would do.

Rooted, PM if you need help.

please PM im stuck with 2nd web app the 02 creds dont work

Rooted, very fun box

Thisā€¦ isā€¦ oneā€¦ ofā€¦ theā€¦ boxesā€¦ thatā€¦ livesā€¦ upā€¦ toā€¦ itsā€¦ nameā€¦

trickster0 , you really made us work for the flags man!!!

Anyway, guys, give you guys some directions.

On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we donā€™t usually scan.
Once you discover that port, go dig it, thereā€™s useful info there. (Skip Sitting by the dock of the bay, thatā€™s wastinā€™ time).
You will discover thereā€™s some service that is running that you canā€™t find where it connects, think of an internet standard was established on 14 July 2017
Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
When you try to privesc, try to run certain command to understand what certain users cant do and what other users can do.

Browsing the authorā€™s github may help in one step of the process.

Good Luck!!!