Dab

Trying to say this without any spoilers. Are my socks going down a rabbit hole?

@whipped said:
Trying to say this without any spoilers. Are my socks going down a rabbit hole?

You can fetch information from your socks if you know the key.

Spoiler Removed - Arrexel

Managed to get into the login page. Pretty confused as to what I am supposed to do now. Also found the dab guy, the cookie dude and some socks. I seem to be missing something to investigate further on these. Any hints?

I have the cookie dude all ready to rumble. But when i give him that cookie i know it works as he gives me 200 and his preview into the future is right. But i just can’t get it to browse.

NM got it

@KingCrab said:
Any hint about privesc? Found only one suspicious file.

I’m stuck here too.

usual enumeration

Currently on privesc. Found 2 suspicious files. One seems like a dead end. Any hints?

I’d say it’s three or four interesting files, one is a joke / dead end, number 2 is what is most obvious in the initial enum, and the other two might also show up in your initial enumeration.

Download the most obvious executable and analyze it with the ‘usual tools’ - then you realize what other files might be interesting.

finally rooted, what a box.

Rooted, great box, lots of fun, but is a relevant box title too much to ask ? :stuck_out_tongue:

Rooted, what a lovely box. Name was a little bit deceiving though

Rooted this box yesterday, the initial entry was the most fun. User to root was alright though!

hmnn…

Access denied: .... cookie incorrect

and…

Missing parameters

no idea on this one…
lol

Rooted! nice machine!

Many fun on getting user !

Could use a hint on privesc. Got something I’m trying, but can’t seem to get it to work right. Not sure if this is another rabbit hole or not.

What command can you use when using the s****t ?

So, I might be going in circles here. I found one service that gave me a file…another service that gave me an inventory, and another service that gives me a utility…still have not found user yet…dying

I don’t get it. At all.

I’ve found the “Nope…” file.

I’ve bruteforced some login credentials and seen the “the list”.

I’ve seen the “not set” message and figured out how to change it to “incorrect”.

I’ve tried using the session value for the “incorrect” part. I’ve also tried decoding the session value. Part of it looks like b****4 encoding, but the rest looks like gibberish.

I’ve tried bruteforcing the “incorrect” part with a custom wordlist based on “the list”.

nmap, dirbuster, nikto, sqlmap, etc have found nothing else of value.

What the f**k am I missing?! Argh!

@opt1kz said:
I don’t get it. At all.

I’ve found the “Nope…” file.

I’ve bruteforced some login credentials and seen the “the list”.

I’ve seen the “not set” message and figured out how to change it to “incorrect”.

I’ve tried using the session value for the “incorrect” part. I’ve also tried decoding the session value. Part of it looks like b****4 encoding, but the rest looks like gibberish.

I’ve tried bruteforcing the “incorrect” part with a custom wordlist based on “the list”.

nmap, dirbuster, nikto, sqlmap, etc have found nothing else of value.

What the f**k am I missing?! Argh!

Same here, tried a lot of bruteforcing but with no luck. :frowning: