This machine is great and priv esc was awesome, very realistic!
Spoiler Removed - Arrexel
No matter how I format the XML I get the 500 error. I’ve tried every which way (obviously not). I have all the elements mentioned on the page. A pm would be greatly appreciated.
EDIT: and right as I say that it works. ha, attention to detail my friends…
I am in that time machine file but dont know what to do next, please PM me
I got user.txt, I am able to read files but no listing or shell yet, I’ve found some files for a service, running on different port, but all I get is - “invalid format” error, although i verified them, and they proved to be valid. Is it intended that way, or maybe I am doing some mistake here?
@servetel10 said:
I am in that time machine file but dont know what to do next, please PM me
If you have a command you don’t know how to use, how do you learn?
If you have actually found the time machine, I guarantee you can even find a YouTube video of its name + 1 command to show you how to turn back the clock.
@NovNovikov said:
I got user.txt, I am able to read files but no listing or shell yet, I’ve found some files for a service, running on different port, but all I get is - “invalid format” error, although i verified them, and they proved to be valid. Is it intended that way, or maybe I am doing some mistake here?
Feel free to dm me with what you have. I’m not entirely sure what you’re asking, and since I already rooted this one you could be more specific there.
Got user, trying to get root. I think I have the idea but am missing something simple. Can I pm somebody to discuss it?
any hints for priv escalation?
@sesha569 My only advice is to read through the thread, and figure out how you could turn back time on a computer. Not too many options.
Got user. Learned a lot.
@HackingSnake said:
I’m still at the beginning , found a page on a port. I’m trying to enumerate with dirbuster but gives me some errors, am I on the wrong track?
For some reason dirbuster failed for me aswell. try dirb
hey i just found what i think i need to exploit, but i keep getting internal server error, can anyone pm me for some help on formatting of payload?
Can I PM someone about the way to get the user flag? I am very sure the kind of exploit I have to use in the Internal Server Error page. Since it does not output anything it has to be a blind injection, however as I am trying to refer to an external payload in my machine I can not seem to make it work. Help please!
Edit: Got it! nvm
Anyone able to give me a pointer on the XML I have it calling back on upload but I am stuck…
Great box man. Frustrating at parts for a new guy, but I definitely learned a lot as well.
For everyone else:
Step 1:
Enumeration. From the comments, you can pretty much tell what you need to do. I would definitely suggest starting out getting a non-malicious file uploaded to ensure your basic formatting is correct. If it is, you will get a confirmation message, of sorts. You can get user.txt this way once you add a command to read files.
Step 2:
Once you can read files, try to think about how you can gain access. I know there’s at least two ways to complete almost every part of this machine, which is kind of cool, but can be confusing for people as well. I didn’t do any two-part commands or reverse shell or anything like that. Not saying it’s not possible, but there might be an easier way. Can you think of any files on a system that you could read that would help you gain remote access?
Step 3:
Once you have access, enumerate, as usual. Again, there are at least two ways to get root access that I know of. Check the forums here for hints about how to locate information on the system about what you’re looking for. There’s a certain command that will actually show you both ways if you look closely enough.
Definitely a fun box. Feel free to PM me with questions. I’m no expert, but I’ll try to help ease some frustration where I can.
–Skunkfoot
Oh, im lost with this type of attack. I read here “upload something” but i cannot find an entry point. I try to send a xml to main page via curl, but POST method is not allowed, maybe it can be xx? injection? Is there some endpoint that is not / or /feed? Any hints?
What are the common methods for finding an “entry point” on a web server? If you need a nudge then PM me.
Oh, i got something TY GreysMatter