Hawk

Hey guys any help with this daum initial access!!! Please tell me im missing something really stupid and not just a noob. Nothing on website, no way to bypass login or Xss. SO…

I think theirs something in F** service… can someone help a bruthu out!!

@fl337 said:
Hey guys any help with this daum initial access!!! Please tell me im missing something really stupid and not just a noob. Nothing on website, no way to bypass login or Xss. SO…

I think theirs something in F** service… can someone help a bruthu out!!

Im struggling with this one too…I know its right in front of me!

Edit: user. Done

Edit: root. Done

This machine was not that difficult but there are some lessons learned for sure. The biggest one? Slow down. Look at what is right in front of you and remember that not everything problem needs to be met with an elaborate solution.

Cheers

I was able to get root.txt without having a shell as root. Out of curiosity, is it possible to get a shell as root for this box?

Got user.txt boiz!!! Lol super simple don’t over think things!! :slight_smile: Onto priv esc… Let’s get some H20 first hehe :wink: I already think I’m on the right path!

Just got the user flag last night - I guess when a guy called “mrh4sh” is making the machine, you kind of expect some sort of cracking to get you on your way :wink:

I have decrypted the .enc file and gained the password however I am completely stuck on where to use it…

Tried all the usual names in username on main drupal site but getting nothing :anguished:

I’m stuck and I’ve been stuck for a long time now. I don’t know how to decrypt the file. (I don’t have any background in this kind of matter), feel free to PM me :slight_smile:

Rooted! - Super fun box…

If anyone needs help feel free to drop me a PM! :+1:

Enjoyed this box. Knowledge from a previous box defo helped me on this one.

@Glasgow said:
… Out of curiosity, is it possible to get a shell as root for this box?

Yes.

Just rooted it. This one was a trip! Some hints that would have been helpful to have:

  • if you are unable to decrypt the file with the tools you found, and the hints here have not helped you figure it out, then maybe just go back to the actual commands used to encrypt / decrypt these types of files and put them in a bash for loop.
  • If you’re at the river, ready to drink water but having trouble finding access, try a different spot in the same river

If you’re stuck at any other spot, you should have plenty of hints in this thread. Any more hints would just give away the answer. Good luck.

are there stability problems with this box ? I followed the right steps to get a shell but it keeps hanging on my terminal…I see the host connecting to me but the shell never pops out and keeps on loading…

Hmm if someone can assist me with foothold that would be nice.

Finally rooted. Since y’all are reading, here is my contribution.

(1) Make no assumptions.
(2) Try to do everything more than one way.
(3) If you are having trouble with the “file”, I favor creating your own script over the Github option. If you are having trouble, you can always practice creating your own “special file” and practice…
(4) Speaking of practice - it never hurts to spin up a VM and CMS.

Great machine - many lessons learned.

Rooted! Finally, I got stuck in so many places by mistake, btw, nice box, learned a lot :fist:? !
My advice:
keep it simple! Sometimes you just not need fully access to the machine btw, if u want the access, just pacience and cat files, rolf.
Even not need a shell ! (Maybe I solve it by the wrong way ): , if anyone solve it by other method, pm to discuss please :3!)
If you’re stuck in the Aqua portal, try to do the most simpliest thing, maybe you’re trying to access where you dont have to !
(Just erase if any spoiler is in this )
Thanks to everyone who help without spoiler!
If anyone needs help, just pm me !
Cheers !

Edit: Nevermind, found it.

I haven’t found a foothold yet. I keep reading about a file that has to be decoded or decrypted but I haven’t gotten that far. If you can give me a nudge, please PM me and I’ll explain what I’ve already done to enumerate the box. Thanks

@singularity said:
Just rooted it. This one was a trip! Some hints that would have been helpful to have:

  • if you are unable to decrypt the file with the tools you found, and the hints here have not helped you figure it out, then maybe just go back to the actual commands used to encrypt / decrypt these types of files and put them in a bash for loop.
  • If you’re at the river, ready to drink water but having trouble finding access, try a different spot in the same river

If you’re stuck at any other spot, you should have plenty of hints in this thread. Any more hints would just give away the answer. Good luck.

many thanks to @singularity - +1 for this hint.

Got root today, so feel free to pm me for hints. I’m always happy to help.
However, I probably didn’t go down the nice road, though. I didn’t have to go via d***** and also did some inelegant stuff at the waterhole.
So, I would be glad if someone wants to discuss the approaches in order to learn from each other. Thanks!

FUCKKEN GOT EEEEEM BOISSSSS WOOOOW WHAT A RIDE LAWWWWRD JEEEZUS WOW THEIR IS A REALLY AWESOME SUUUUUUUPER DOPE POST THAT HELPED ME GET THE FINAL STEP FOR THE challenge WAAA IM THIRSTY NOW!!!

HEHE rooted ;D

Spoiler Removed - Arrexel