Mischief

Can I PM someone? I need to ask something about SNMP. I already found the 2nd login page, but it seems I need to enumerate more on SNMP.

Hi guys, any hints? I’m connected to Ap**** via ipv* but lo** credentials are not working.

Do I need bruteforcing with this box?

@mcruz said:
Do I need bruteforcing with this box?

No need to bruteforce. Just logic and enumeration would do.

Rooted, PM if you need help.

Please PM, I’m stuck with the 2nd web app; the 02 creds don’t work.

Rooted, very fun box

This… is… one… of… the… boxes… that… lives… up… to… its… name…

trickster0, you really made us work for the flags, man!!!

Anyway, guys, let me give you some directions.

On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don’t usually scan.
Once you discover that port, go dig it, there’s useful info there. (Skip Sitting by the dock of the bay, that’s wastin’ time).
You will discover there’s some service that is running that you can’t find where it connects; think of an internet standard that was established on 14 July 2017.
Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
When you try to privesc, try to run certain command to understand what certain users can’t do and what other users can do.

Browsing the author’s GitHub may help in one step of the process.

Good Luck!!!

@wilsonnkwan said:
This… is… one… of… the… boxes… that… lives… up… to… its… name…

trickster0, you really made us work for the flags, man!!!

Anyway, guys, let me give you some directions.

On the initial foothold, if you realised you only have 2 ports, try all ports including the ones we don’t usually scan.
Once you discover that port, go dig it, there’s useful info there. (Skip Sitting by the dock of the bay, that’s wastin’ time).
You will discover there’s some service that is running that you can’t find where it connects; think of an internet standard that was established on 14 July 2017.
Once you connect to the service, you need to think what commands to run to show certain files at certain directories.
When you try to privesc, try to run certain command to understand what certain users can’t do and what other users can do.

Browsing the author’s GitHub may help in one step of the process.

Good Luck!!!

So, after second login, I need to get the file the webpage is telling you?

@Randsec said:

So, after second login, I need to get the file the webpage is telling you?

yes!!!

@Randsec said:

So, after second login, I need to get the file the webpage is telling you?

There’re quite a few ways of getting the file actually. Some of them are actually quite tricky :wink:

Did not find the second login page that you guys talk about. I have enumerated SN** but nothing; just found 2 UDP ports and one 33** My*** but cannot connect to it.

Hi guys, anyone able to PM me for a hint (no spoil) for the 2nd log on page? Tried pretty much everything on a credential point of view
Edit: It really is back to basics. Mix it up with what you’ve discovered so far

Hi guyz, same here stuck at 2nd login page.

Update : got it!

How did you find 2nd login page?

Totally stuck with this.

Found the second login page; tried SQLi, common user/pass combinations, created custom wordlist: no success.
Found open UDP port; tried some commands but I don’t get anything back, not even a banner, so no clue what is going on there.
Also, I can’t understand the hints that were given here.

Some help would be really appreciated. And no “enumerate more”, please! I think I enumerated all I could.

Hope I am not spoiling anything. Everything I said was already written by someone in this thread.

I’m stuck on the second login page as well. I’ve tried:

  • Credentials from the first login page, forwards and backwards.
  • Bruteforcing the password, with the username set to l**i and the two passwords as usernames.
  • Bruteforcing the username, with the passwords from the first login page.
  • Bruteforcing both the username and password.
  • All of the above with a custom wordlist based on all the words seen so far.

Neither nikto nor gobuster were able to find anything useful on the second server. I do not see any further clues in the log file from when I “took a walk”.

What am I missing?

@opt1kz said:
I’m stuck on the second login page as well. I’ve tried:

  • Credentials from the first login page, forwards and backwards.
  • Bruteforcing the password, with the username set to l**i and the two passwords as usernames.
  • Bruteforcing the username, with the passwords from the first login page.
  • Bruteforcing both the username and password.
  • All of the above with a custom wordlist based on all the words seen so far.

Neither nikto nor gobuster were able to find anything useful on the second server. I do not see any further clues in the log file from when I “took a walk”.

What am I missing?

Talk to me on MM. I am there with the same nick. Can help on this without spoiling the fun.

Those struggling with the 2nd login: they must not have enumerated a well-known service, or they didn’t bother to read every single line on that service.

Hi,
can anybody PM me? I’m stuck on priv esc.