Dab

hint for midway to user pwn!
if you found your socks then you have to count how many you have

Great machine congrats

Both user and system were fun on this one. For privesc, don’t get trolled. Enumerate properly and thoroughly evaluate the results. I spent a few hours trying to exploit the wrong file.

deleted

For user, is exploitation of mc*** required? I’m finding it impossible to find any method of RCE or exposure of sensitive info… Can someone PM me? Spent many hours fuzzing away and learning about this service, but haven’t made progress in days…

Figured it out.

… I wasn’t getting the response I’d expect when using Burp/Zap, but it worked fine through the web browser.

@iSquatch said:
For user, is exploitation of mc*** required?

Is this the correct path? I can get a bit of info from some commands but none of it seems of use

Edit: Nvm

Cant even pass the login page … someone can give me some hints ??

Got root
Nice box

Internal Dev ? Infernal Dab more like!

#Somebody please halp (NVM)

I am getting:

Output

END

I have gone in/out and all other expected behavior is there disappears, reappears etc… tried from multiple boxen/browsers.

What am I doing wrong? I can see metadata displayed okay.

ANSWER:

ADBLOCK YES PEOPLE TURN uBLOCK OFF

That is what I was doing wrong. It blocks the data from displaying but not the metadata… I don’t even…

rooted now. That was fun.

There is one single interesting port I found with the s****t thing, which returns the version. Whenever I try to send some parameters over the line to it, I get “suspected hacking attempt”. I already tried bypassing, but not successful… Can someone give me a hint on this?

priv esc is killing me. I found try_harder which is garbage. my enum turned up alot of stuff with sticky bits??? can anybody throw me a bone on this one?

just pm me with a hint, I won’t bother you with any questions

@Djinn45SQL99 said:
priv esc is killing me. I found try_harder which is garbage. my enum turned up alot of stuff with sticky bits??? can anybody throw me a bone on this one?

just pm me with a hint, I won’t bother you with any questions

killing me too

Man, getting user was so much fun on this one. On to privesc! (+~+)

Root was quite fun and a lot more easier, than getting the user imho once you get the idea! Ping me, if help is needed!

Thanks @snowscan for this great box!

Im right there on priv esc. found the thing to imitate to trick the program but for some reason it’s not using what I made… what am I missing? pm me somebody plz

I have access to the shopping list as well as the s***** interface. Tried some stuff but getting “Suspected hacking attempt detected”. A bit stuck, if anyone would like to give me a nudge in private that would be great, or if someone is stuck where I am I’d be open for discussing the problem (also in private).

I think I got the right port for s*********. but seems I couldn’t add any data to it… got similar response “Suspected hacking attempt detected”. Can I have some small hint? thank you. PM.

Hello.
Could you give tips?
I’m learning.
I scanned this machine and I found four open ports.
I connect to an service that there is a file, cause I think it could have a hidden files or directory, but don’t.
I tried BF on the login page, but I didnt have success.
And there is a page that speek about cookies, but the sessions dont have cookies.
I’m lost.
About what should I search and learn for this machine?
Thank you.

First time I encountered a box where something like this was necessary for privesc… Refreshing to get away from mostly web-centric stuff tho. Nice box.