Dev0ops hints

Cool beans, privesc was much easier than I expected. Go back in time, go back in time… :]

Got the user. There was a missing character in my uploaded file that was causing an error. Thanks all for your hints :) @f4d0 @Ju577Ry

Can anyone give me a nudge via DM? I think I understand what kind of vulnerability I should be looking for, but I'm really stuck at the first page you discover.

@HackingSnake said:
Can anyone give me a nudge via DM? I think I understand what kind of vulnerability I should be looking for, but I'm really stuck at the first page you discover.

Here comes the nudge (now I’m working on this box):

What is running as a server on that particular port/webpage? Which language is it written in? Can you find some well-known vulnerability for that particular language/service?

Have fun

Pwned. For those who are struggling, read the message on that initial webpage and follow suit. For priv esc, read some of the hints on this blog and just get back in time and look for a very bad mistake. No programming skills, no exploits, just a browser, some ASCII editor and a basic Linux command shell will get you there.

This machine is great and priv esc was awesome, very realistic!

Spoiler Removed - Arrexel

No matter how I format the XML I get the 500 error. I’ve tried every which way (obviously not). I have all the elements mentioned on the page. A PM would be greatly appreciated.

EDIT: and right as I say that, it works. Ha, attention to detail, my friends…

I am in that time machine file but don't know what to do next, please PM me.

I got user.txt. I am able to read files but no listing or shell yet. I’ve found some files for a service running on a different port, but all I get is an “invalid format” error, although I verified them and they proved to be valid. Is it intended that way, or maybe I am making some mistake here?

@servetel10 said:
I am in that time machine file but don't know what to do next, please PM me.

If you have a command you don’t know how to use, how do you learn?

If you have actually found the time machine, I guarantee you can even find a YouTube video of its name + 1 command to show you how to turn back the clock.

@NovNovikov said:
I got user.txt. I am able to read files but no listing or shell yet. I’ve found some files for a service running on a different port, but all I get is an “invalid format” error, although I verified them and they proved to be valid. Is it intended that way, or maybe I am making some mistake here?

Feel free to DM me with what you have. I’m not entirely sure what you’re asking, and since I already rooted this one you could be more specific there.

Got user, trying to get root. I think I have the idea but am missing something simple. Can I PM somebody to discuss it?

Any hints for priv escalation?

@sesha569 My only advice is to read through the thread, and figure out how you could turn back time on a computer. Not too many options.

Yup @Andromalius I tried that. Will look for other options to perform that.

Got user. Learned a lot.

@HackingSnake said:
I’m still at the beginning, found a page on a port. I’m trying to enumerate with dirbuster but it gives me some errors, am I on the wrong track?

For some reason dirbuster failed for me as well. Try dirb.

Hey, I just found what I think I need to exploit, but I keep getting an internal server error. Can anyone PM me for some help on formatting of the payload?

Can I PM someone about the way to get the user flag? I am very sure of the kind of exploit I have to use on the Internal Server Error page. Since it does not output anything it has to be a blind injection, however as I am trying to refer to an external payload on my machine I cannot seem to make it work. Help please!

Edit: Got it! nvm