Mischief


Comments

  • @Rantrel said:

    @xMrR0b0t said:

    > @pzylence said:
    > for those who are stuck where to go after getting first login page:
    >
    > if [SPOILER]. then rest is how you enumerate.

    I think that it is a major spoiler... When there is too much info from enumeration and the comments here.

    Is saying something is a spoiler even more of a spoiler since it confirms the spoiling?
    "The Spoils of the spoiler can not be his by right"
    -Dante Alighieri, Divine Comedy Canto XIII Ln 105

    Love the quote! <3

    pzylence
    OSCP

  • Just rooted this thing!!! For everyone stuck at priv escalation, you are looking in the wrong place. If you need any help PM me :)

  • edited August 2018

    Yeah, I'm deep in a hole on this one. Too far in to explain here. Would love a PM from someone who has root so I can explain where I am at.

    UPDATE: trickster0 is a freaking Sadist... and I love him for it.
    Got root, AMAZING box, Lots of face bashing, learned a lot, so many well put together layers.

    Thanks @xephrox for the push, Owe you a beer.

    Rantrel
    ~|OSCP|~

  • I think I'm missing something after logging in to the first page. I've found something else that I think might be a key but it doesn't work for me; it may be that my calculations are wrong or I'm just going in the wrong direction.

    If someone could kindly PM me so I could ask a couple of questions I'd be thankful!

  • Hi all, like other users I am stuck at the second login page. I pretty much tried everything basic, so I think I am sticking to the basics :-) Anyone wants to exchange ideas with me in PM?

  • Hi, I am stuck on privesc. I've tested all the usual methods and looked at local services also. Can someone PM me a nudge in the right direction?

  • @pzylence said:

    @kecebong said:
    I’m stuck at web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Anyone can shed some lights what’s the next step?
    Thank you

    Enumerate!

    Enumerate!Enumerate!Enumerate!Enumerate!Enumerate!Enumerate!

    90% of the job lol Thanks @pzylence

    Arrexel
    OSCP | OSCE half way!

  • Hi. Anyone able to help with intended way to priv esc on this box. Please PM me.

    adyd

  • Ugh, still trying to get initial foothold myself. Must.....enumerate....harder!

  • Nice box, really does have some twists and turns. Great job @trickster0.

  • Rooted. Whew. Good box @trickster0

    Arrexel
    OSCP | OSCE half way!

  • Can I PM someone? I need to ask something about SNMP. I already found the 2nd login page, but it seems I need to enumerate more on SNMP.

  • Hi guys, any hints? I'm connected to Ap**** via ipv* but lo** credentials are not working

  • Do I need bruteforcing with this box?

  • @mcruz said:
    Do I need bruteforcing with this box?

    No need to bruteforce. Just logic and enumeration would do.

    pzylence
    OSCP

  • Rooted, PM if you need help.

  • Please PM, I'm stuck with the 2nd web app; the 02 creds don't work

    Raouf09

  • Rooted, very fun box

    QHpix

  • This... is... one... of... the... boxes... that... lives... up... to... its... name...

    trickster0 , you really made us work for the flags man!!!

    Anyway, guys, give you guys some directions.

    On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don't usually scan.
    Once you discover that port, go dig it, there's useful info there. (Skip Sitting by the dock of the bay, that's wastin' time).
    You will discover there's some service that is running that you can't find where it connects; think of an internet standard that was established on 14 July 2017.
    Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
    When you try to privesc, try to run certain command to understand what certain users can't do and what other users can do.

    Browsing the author's github may help in one step of the process.

    Good Luck!!!

    wilsonnkwanl

  • @wilsonnkwan said:
    This... is... one... of... the... boxes... that... lives... up... to... its... name...

    trickster0 , you really made us work for the flags man!!!

    Anyway, guys, give you guys some directions.

    On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don't usually scan.
    Once you discover that port, go dig it, there's useful info there. (Skip Sitting by the dock of the bay, that's wastin' time).
    You will discover there's some service that is running that you can't find where it connects; think of an internet standard that was established on 14 July 2017.
    Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
    When you try to privesc, try to run certain command to understand what certain users can't do and what other users can do.

    Browsing the author's github may help in one step of the process.

    Good Luck!!!

    So, after second login, I need to get the file the webpage is telling you?

    Randsec

  • @Randsec said:

    @wilsonnkwan said:
    This... is... one... of... the... boxes... that... lives... up... to... its... name...

    trickster0 , you really made us work for the flags man!!!

    Anyway, guys, give you guys some directions.

    On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don't usually scan.
    Once you discover that port, go dig it, there's useful info there. (Skip Sitting by the dock of the bay, that's wastin' time).
    You will discover there's some service that is running that you can't find where it connects; think of an internet standard that was established on 14 July 2017.
    Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
    When you try to privesc, try to run certain command to understand what certain users can't do and what other users can do.

    Browsing the author's github may help in one step of the process.

    Good Luck!!!

    So, after second login, I need to get the file the webpage is telling you?

    yes!!!

    wilsonnkwanl

  • @Randsec said:

    @wilsonnkwan said:
    This... is... one... of... the... boxes... that... lives... up... to... its... name...

    trickster0 , you really made us work for the flags man!!!

    Anyway, guys, give you guys some directions.

    On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don't usually scan.
    Once you discover that port, go dig it, there's useful info there. (Skip Sitting by the dock of the bay, that's wastin' time).
    You will discover there's some service that is running that you can't find where it connects; think of an internet standard that was established on 14 July 2017.
    Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
    When you try to privesc, try to run certain command to understand what certain users can't do and what other users can do.

    Browsing the author's github may help in one step of the process.

    Good Luck!!!

    So, after second login, I need to get the file the webpage is telling you?

    There're quite a few ways of getting the file actually. Some of them are actually quite tricky ;)

    HTB

  • edited August 2018

    Did not find the second login page that you guys talk about. I have enumerated SN** but nothing; just found 2 udp ports and one 33** My*** but cannot connect to it.

    Arrexel
    OSCP | I'm not a rapper

  • edited August 2018

    Hi guys, anyone able to PM me for a hint (no spoil) for the 2nd log on page? Tried pretty much everything on a credential point of view
    Edit: It really is back to basics. Mix it up with what you've discovered so far

  • edited August 2018

    Hi guyz, same here stuck at 2nd login page.

    Update : got it!

  • How did you find 2nd login page?

  • Totally stuck with this.

    Found the second login page; tried sqli, common user/pass combinations, created custom wordlist: no success
    Found open udp port; tried some commands but I don't get anything back, not even a banner so no clue what is going on there.
    Also, I can't understand the hints that were given here.

    Some help would be really appreciated. And no enumerate more please! I think I enumerated all I could.

    Hope I am not spoiling anything. Everything I said was already written by someone in this thread.


  • I'm stuck on the second login page as well. I've tried:

    • Credentials from the first login page, forwards and backwards.
    • Bruteforcing the password, with the username set to l**i and the two passwords as usernames.
    • Bruteforcing the username, with the passwords from the first login page.
    • Bruteforcing both the username and password.
    • All of the above with a custom wordlist based on all the words seen so far.

    Neither nikto nor gobuster were able to find anything useful on the second server. I do not see any further clues in the log file from when I "took a walk".

    What am I missing?

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • @opt1kz said:
    I'm stuck on the second login page as well. I've tried:

    • Credentials from the first login page, forwards and backwards.
    • Bruteforcing the password, with the username set to l**i and the two passwords as usernames.
    • Bruteforcing the username, with the passwords from the first login page.
    • Bruteforcing both the username and password.
    • All of the above with a custom wordlist based on all the words seen so far.

    Neither nikto nor gobuster were able to find anything useful on the second server. I do not see any further clues in the log file from when I "took a walk".

    What am I missing?

    Talk to me on MM. I am with the same nick. Can help on this without spoiling the fun.

    masuse

  • edited August 2018

    Those struggling with the 2nd login: they must not have enumerated on a well-known service, or they didn't bother to read every single line on that service.

    masuse
