This one was nice and easy. It’s fun to have one of those once in a while. Never heard about magic numbers before, so i even learned something new today.
This box is getting fucked-up by many ppl (tons of reset or spoils) so I’m wondering how many people got user with full pre exploitation
I Am Stuk at Pabap file
And also not knpw what i do with secre.txt ?
If you’re stuck on priv esc try to find a way or write a script to capture what exactly is happening and go from there, then it’s quite simple.
Nice machine. User is quite easy. Root was even easyer :-).
Now I can see I’m learning …
Nice machine @L4mpje !
Saying my php is “unsafe”, how can i bypass? Have tried allowing php in options
Edit: Spent a few hours on this. I’m overlooking something. Can somebody help
Had a crack at this one - took 10 mins to get user, that part was simple
Now to have a look at root
finally got root.txt, thanx to @Ahm3dH3sham for the hint , but still i am so Curious how to have access to Shell Root, i just found hash of root.txt, LOL
@hemlock said:
Huuum, I’m stuck on the file p*******_*****p.txtI think I have a way to go through it but I need an advice on how to use it. If anyone could give me an advice by PM, would be fine
Thanks a lot ^^
same here, i can see the magic number and from my point of view it should be a b**.file i renamed it and tries to decompress, nothing works
EDIT : i got it
@Sekisback said:
@hemlock said:
Huuum, I’m stuck on the file p*******_*****p.txtI think I have a way to go through it but I need an advice on how to use it. If anyone could give me an advice by PM, would be fine
Thanks a lot ^^
same here, i can see the magic number and from my point of view it should be a b**.file i renamed it and tries to decompress, nothing works
did you check what sort of FILE it is and use the correct command to decompress ?
Nevermind, I wasn’t connected to the VPN and apparently 10.10.10.150 is a public facing cisco admin panel (wink wink).
what happened to Joomla? I did a little recon on the box a couple of days ago it was running wordpress now the website’s root directs to “Cisco DPC3825 DOCSIS 3.0 Data Gateway”. I already issued a reset request in case someone might have messed with it. However it hasn’t done anything yet. Did the creator alter the machine ?
@sahil said:
Nevermind, I wasn’t connected to the VPN and apparently 10.10.10.150 is a public facing cisco admin panel (wink wink).
what happened to Joomla? I did a little recon on the box a couple of days ago it was running wordpress now the website’s root directs to “Cisco DPC3825 DOCSIS 3.0 Data Gateway”. I already issued a reset request in case someone might have messed with it. However it hasn’t done anything yet. Did the creator alter the machine ?
OK…
That is a private subnet, so no it is not a public facing admin panel!
Have you checked your routes, or your local subnet? - I think its your wireless residential gateway or access point.
I manged to get root.txt but couldn’t really figure out how to get a proper root shell even though I worked out what was happening. (maybe I haven’t fully understood what was going on, would love someone to give me a tip or two on how to actually get the full root shell)
EDIT: I just learned what is going on.
after one day I passed the pa******_b***** this dirty little ■■■■■■■ now i got the user.txt
Thx to Rickter, ZaphodBB and hemlock for pushing in the right direction.
But for the root.txt i have no idea.
@paddy said:
Have a shell but no escape is working and can’t su to the user whose creds I have. Pm if you can help
Did you find a way to escape? I’m in the same situation
I have the shell, any clue about how to “escape”
I’ve been trying to brute force a login, and hydra keeps erroring out, am I wasting my time?