Nice box, but someone keeps resetting it and itās completely unnecessary. Also, brute forcing is NOT how you get in this box, neither is blasting it with any tool other than the basic enumeration.
Edit: Rooted. Very clever way of rooting. If youāre stuck, the answers you seek are in front of you.
@DataPush3r said:
wilsonnkwan, maybe just write a tutorial next time. Oh wait, you didā¦ ;|
Not many people are as smart as you, even with that, people still need to figure it out.
Sorry if this is spoiler to you guys
You could of just posted the link to the shell you uploaded, that way they wouldnāt even have to read your post. Just click the link and get a shell.
Your not even giving them a chance to figure it out on their own. Thats the thing
Sometimes all you are looking for is right in front of you. Some googling saved me a lot of time where you happen to search for a specific folder.Rooted. PM if you need a hint.
@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.
Thanks!
You need to do a little enumeration at the login level, we could inject what in a login page ?
i pretty much get what i need to do but the usernames taken * all of it *
Need to wait for my turn i guess !
Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?
I know what I need to do in order to get root. Well, at least, I think I do. The problem is that the .exe I needed used to be there. But now itās not. Iāve used this .exe earlier on but I canāt seem to find it anywhere now. Thereās a shortcut for it on the desktop but itās not in the location where that shortcut is pointing. Any ideas?
@Mapperist said:
I know what I need to do in order to get root. Well, at least, I think I do. The problem is that the .exe I needed used to be there. But now itās not. Iāve used this .exe earlier on but I canāt seem to find it anywhere now. Thereās a shortcut for it on the desktop but itās not in the location where that shortcut is pointing. Any ideas?
I got stuck on this for days dude. Try not to focus too hard on the .exe itself, but what it could create. As soon as I realised this I had root.txt instantly.
@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.
Thanks!
You need to do a little enumeration at the login level, we could inject what in a login page ?
i pretty much get what i need to do but the usernames taken * all of it *
Need to wait for my turn i guess !
Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?
Rooted !
You didnāt even need to find āITā, you could of accessed it from anywhere.
@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.
Thanks!
You need to do a little enumeration at the login level, we could inject what in a login page ?
i pretty much get what i need to do but the usernames taken * all of it *
Need to wait for my turn i guess !
Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?
Rooted !
You didnāt even need to find āITā, you could of accessed it from anywhere.
Is there a way to access it from anywhere ? If Yes, Could you PM Me ?