Poison

Can someone PM me. I did a wget to try and grab the .zip file and when i try and extract it this is the output i get

unzip *****.zip
Archive: *****.zip
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
note: secret.zip may be a plain executable, not an archive
unzip: cannot find zipfile directory in one of secret.zip or
*****.zip.zip, and cannot find *****.zip.ZIP, period.

Finally rooted this box. Did take 2-3hours.

@zghost07 PM if you need hints.

@ActivateD Can i have a hint on priiv esc? im sure im 90% there

Hi!
Anyone can DM me? I think I’m very close. I had identified the service and unzip de file, but I can`t get both of them to work.

Thanks in advance

Something was wrong in the box.
After reset it works.
Rooted :slight_smile:

if you type rm -f root.txt, you’re a c*nt

Was having a lot of issues right at the end (grey screen) - if this happens, just issue a reset and it’ll work.

Great box

Got LFI and reverse connection from the box , but i am not able to get reverse shell as it filters out " /". Am i on the right path ??

I just got root on this box now. And I can absolutely agree that trying to bruteforce your way through is a waste of time. Take your time, REALLY read all the help docs/dialogs for the vulnerable services. RTFM is your best friend on this box.

Knowledge over Tools, boys and girls. Remember that and you’ll win the day.

Also, props to Charix for a fun af challenge!

I got the passwordfile but dont know how to use it.
Should i decode it or it can be used in another way

@voidhofer said:
Hi guys!

I got the user.txt and now I am working on the privesc part. Already found the service, managed to set up tunnel, but I have no idea about the pass i should be using for the connection. Tried the ssh pass already, did not work for me. Unzipped the secret, but its not readable by humans… Am I missing something? Need help!

CAn you help me in getting user

@dreadnaught said:
Ok, I have the decoded password. I’ve tried to ssh with www, poison, and a few other random usernames with no luck. Am I at least on the right track to getting in?

Could me give a hint on decoding the password

Got the user.txt now moving to privsec.
Note: Dont use burp decoder

I dont know how to get user, i got an pass, i know what service i must target, but some one can give me a hint ?

I got user but I’m stuck on the second part. Unzipped the file but I’m missing how to enumerate the machine. DMs would be appreciated

@lopseg said:
I dont know how to get user, i got an pass, i know what service i must target, but some one can give me a hint ?

its in the password

@HackingSnake said:
I got user but I’m stuck on the second part. Unzipped the file but I’m missing how to enumerate the machine. DMs would be appreciated

double check the running services, one that can help you privesc with the help of that file. man CommandName will come handy to figure out how to use that file over that command/service.

@Rayhan0x01 said:

@HackingSnake said:
I got user but I’m stuck on the second part. Unzipped the file but I’m missing how to enumerate the machine. DMs would be appreciated

double check the running services, one that can help you privesc with the help of that file. man CommandName will come handy to figure out how to use that file over that command/service.

Thanks, found the file, can cat it but can’t copy-paste lol

I feel like I’m close but could use a nudge… user - check, file unzipped - check, ***** tunnel over ***** - close! so f’ing close. Any help would be appreciated.