Dab


Comments

  • Rooted this box yesterday, the initial entry was the most fun. User to root was alright though!

  • edited August 2018

    hmnn...

    Access denied: .... cookie incorrect
    

    and...

    Missing parameters
    

    no idea on this one...
    lol

  • Rooted! Nice machine!

    Much fun on getting user!

    cdoisponto

  • Could use a hint on privesc. Got something I'm trying, but can't seem to get it to work right. Not sure if this is another rabbit hole or not.

  • What command can you use when using the s****t ?

  • So, I might be going in circles here. I found one service that gave me a file....another service that gave me an inventory, and another service that gives me a utility...still have not found user yet...dying

  • edited August 2018

    I don't get it. At all.

    I've found the "Nope..." file.

    I've bruteforced some login credentials and seen the "the list".

    I've seen the "not set" message and figured out how to change it to "incorrect".

    I've tried using the session value for the "incorrect" part. I've also tried decoding the session value. Part of it looks like b****4 encoding, but the rest looks like gibberish.

    I've tried bruteforcing the "incorrect" part with a custom wordlist based on "the list".

    nmap, dirbuster, nikto, sqlmap, etc have found nothing else of value.

    What the f**k am I missing?! Argh!

    opt1kz

  • @opt1kz said:
    I don't get it. At all.

    I've found the "Nope..." file.

    I've bruteforced some login credentials and seen the "the list".

    I've seen the "not set" message and figured out how to change it to "incorrect".

    I've tried using the session value for the "incorrect" part. I've also tried decoding the session value. Part of it looks like b****4 encoding, but the rest looks like gibberish.

    I've tried bruteforcing the "incorrect" part with a custom wordlist based on "the list".

    nmap, dirbuster, nikto, sqlmap, etc have found nothing else of value.

    What the f**k am I missing?! Argh!

    Same here, tried a lot of bruteforcing but with no luck. :(

  • @opt1kz said:
    I don't get it. At all.

    I've found the "Nope..." file.

    I've bruteforced some login credentials and seen the "the list".

    I've seen the "not set" message and figured out how to change it to "incorrect".

    I've tried using the session value for the "incorrect" part. I've also tried decoding the session value. Part of it looks like b****4 encoding, but the rest looks like gibberish.

    I've tried bruteforcing the "incorrect" part with a custom wordlist based on "the list".

    nmap, dirbuster, nikto, sqlmap, etc have found nothing else of value.

    What the f**k am I missing?! Argh!

    Bruteforcing with a well-known wordlist may take less than 5 minutes, so keep trying, it's the way to go ;)

    xMagass

  • edited August 2018

    @xMagass said:

    Bruteforcing with a well-known wordlist may take less than 5 minutes, so keep trying, it's the way to go ;)

    Yeah...

    Someone just gave me the same hint in a PM and now I feel like a moron. LOL.

    It's always the smallest, simplest things that I end up overlooking or not trying...

    Respect to both of you.

    opt1kz

  • Do I have to find a way around "Suspected hacking attempt detected" or is this not the way to go? I think I have everything it needs, just not sure what to do with it... lol

  • Hint... the way to get the user.txt, they shouldn't call this box dab, they should call this box waterfuzzinghydration.

    wilsonnkwanl

  • I have already rooted (can check my profile).
    A shout out to all who rooted: the code that I used to get root, for some reason, works only 1 out of 8 times. For those who have a consistent way to show the root.txt or even get a shell, can you share your code with me? Want to learn from pros. Thank you.

    wilsonnkwanl

  • Got root shell. Maybe you have an unintended way to get it, PM me.

    xMagass

  • Well folks, finally rooted this box. Rated it a total brainfuck cause I think my brain is srsly fucked now after privesc.

    My advice is to understand certain dependencies on files of interest, and research binary exploitation.

    Learned a lot on this box though, very well thought out IMO

  • Is putting my socks on a waste of time? Currently fuzzing both feet and finding nothing.

    opt1kz

  • There is something in your socks that could be of interest (at least I think so). Still not sure how to use what I found for more than getting some info. What is the very first thing you do with every new machine? Do it again, just a different way, using a different angle.

  • edited August 2018

    @rba said:
    What is the very first thing you do with every new machine? Do it again, just a different way, using a different angle.

    I just figured it out right before I saw this post, but this is a very good hint for anyone else who's stuck! I looked in my left sock and found my missing digits! ;D

    Edit: Got a user shell. Now I'm trying to escalate. Is my theory about corrupting things that are supposed to be "shared" correct, or is that a dead end?

    opt1kz

  • @3mrgnc3 said:
    hmnn...

    Access denied: .... cookie incorrect
    

    and...

    Missing parameters
    

    no idea on this one...
    lol

    This is where I am at. Did compares of the lists too. Found some difference in code pages but nothing very helpful yet.

  • User was a bit of fuzzing and a bit of knowing how to sort things out. Now for root.

  • Rooted! Great machine. Learned a lot.

    AmsHusky18

  • I know what I need to do to elevate to root, but I have no experience doing it. I can't find any decent reading material on the technique, either, just outdated stuff that doesn't seem to apply to this box. If anyone would be willing to PM me with relevant blog posts or articles, I'd appreciate it.

    opt1kz

  • edited August 2018

    To quote Ned Flanders' parents... "you gotta help, we tried nothing and all out of ideas".
    Someone who got user and could point me in a direction would be appreciated. Found me a list, but can only think of one way forward, currently not sure I'm doing it right.

    Edit: Ignore me, I was a complete idiot on this one.

  • @KuroSaru said:
    To quote Ned Flanders' parents... "you gotta help, we tried nothing and all out of ideas".
    Someone who got user and could point me in a direction would be appreciated. Found me a list, but can only think of one way forward, currently not sure I'm doing it right.

    Same here, cannot figure out the recipe for the cookies. All ingredients are known, but not sure if I'm doing it in the right order.

  • edited August 2018

    Rooted. Be smart with your enumeration and don't overthink things like I always do. Instead of looking for l33t 0dayz, look for things that don't quite look right or normal and see if you can leverage them to your advantage.

    opt1kz

  • Making assumptions never helps. Gotta check everything when you want root.... Was a good box.

  • 0wned!! Any help for root, PM me.

  • @3mrgnc3 said:
    hmnn...

    Access denied: .... cookie incorrect
    

    and...

    Missing parameters
    

    no idea on this one...
    lol

    Are we supposed to guess all parameters or will enumeration find some parameters?

  • I'm also having trouble "baking cookies", would appreciate a PM from someone.

  • A hint regarding the cookie: Everything you need to know about what it wants is in that error message. It's telling you what to feed it, in plain English. It's incredibly simple and you're probably overthinking it. I know I was.

    After you get past that initial step, it's simply a matter of figuring out what Mr. Cookie Monster's preferred "flavor" is.

    opt1kz
