Mischeif

hi i am stuck on privesc, ive tested all usual method and looked at local services also, can someone PM me a nudge in the right direction

@pzylence said:

@kecebong said:
I’m stuck at web protected page with 2 creds on the page, tried to bruteforce with those creds, none are working. Found 2 tcp and udp. Anyone can shed some lights what’s the next step?
Thank you

Enumerate!

Enumerate!Enumerate!Enumerate!Enumerate!Enumerate!Enumerate!

90% of the job lol Thanks @pzylence

Hi. Anyone able to help with intended way to priv esc on this box. Please PM me.

Ugh, still trying to get initial foothold myself. Must…enumerate…harder!

Nice box, really does have some twists and turns. Great job @trickster0.

Rooted. Whew. Good box @trickster0

can I pm someone, i need to ask something about snmp. I already found 2nd login page, but seems I need to enumerate more on snmp.

Hi guys any hints, i’m conneted to Ap**** via ipv* but lo** credentials are not wokirng

Do i need bruteforicing with this box?

@mcruz said:
Do i need bruteforicing with this box?

No need to bruteforce. Just logic and enumeration would do.

Rooted, PM if you need help.

please PM im stuck with 2nd web app the 02 creds dont work

Rooted, very fun box

This… is… one… of… the… boxes… that… lives… up… to… its… name…

trickster0 , you really made us work for the flags man!!!

Anyway, guys, give you guys some directions.

On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don’t usually scan.
Once you discover that port, go dig it, there’s useful info there. (Skip Sitting by the dock of the bay, that’s wastin’ time).
You will discover there’s some service that is running that you can’t find where it connects, think of an internet standard was established on 14 July 2017
Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
When you try to privesc, try to run certain command to understand what certain users cant do and what other users can do.

Browsing the author’s github may help in one step of the process.

Good Luck!!!

@wilsonnkwan said:
This… is… one… of… the… boxes… that… lives… up… to… its… name…

trickster0 , you really made us work for the flags man!!!

Anyway, guys, give you guys some directions.

On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don’t usually scan.
Once you discover that port, go dig it, there’s useful info there. (Skip Sitting by the dock of the bay, that’s wastin’ time).
You will discover there’s some service that is running that you can’t find where it connects, think of an internet standard was established on 14 July 2017
Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
When you try to privesc, try to run certain command to understand what certain users cant do and what other users can do.

Browsing the author’s github may help in one step of the process.

Good Luck!!!

So, after second login, I need to get the file the webpage is telling you?

@Randsec said:

@wilsonnkwan said:
This… is… one… of… the… boxes… that… lives… up… to… its… name…

trickster0 , you really made us work for the flags man!!!

Anyway, guys, give you guys some directions.

On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don’t usually scan.
Once you discover that port, go dig it, there’s useful info there. (Skip Sitting by the dock of the bay, that’s wastin’ time).
You will discover there’s some service that is running that you can’t find where it connects, think of an internet standard was established on 14 July 2017
Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
When you try to privesc, try to run certain command to understand what certain users cant do and what other users can do.

Browsing the author’s github may help in one step of the process.

Good Luck!!!

So, after second login, I need to get the file the webpage is telling you?

yes!!!

@Randsec said:

@wilsonnkwan said:
This… is… one… of… the… boxes… that… lives… up… to… its… name…

trickster0 , you really made us work for the flags man!!!

Anyway, guys, give you guys some directions.

On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don’t usually scan.
Once you discover that port, go dig it, there’s useful info there. (Skip Sitting by the dock of the bay, that’s wastin’ time).
You will discover there’s some service that is running that you can’t find where it connects, think of an internet standard was established on 14 July 2017
Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
When you try to privesc, try to run certain command to understand what certain users cant do and what other users can do.

Browsing the author’s github may help in one step of the process.

Good Luck!!!

So, after second login, I need to get the file the webpage is telling you?

There’re quite a few ways of getting the file actually. Some of them are actually quite tricky :wink:

did not found the second login page that you guys talk about i have enumerate SN** but nothing just found 2 udp ports and one 33** My*** but cannot connect to it

Hi guys, anyone able to PM me for a hint (no spoil) for the 2nd log on page? Tried pretty much everything on a credential point of view
Edit: It really is back to basics. Mix it up with what you’ve discovered so far

Hi guyz, same here stuck at 2nd login page.

Update : got it!