Vault

@banteng999 said:

@adyd said:
Just want to make a comment after all those other comments about help. So it’s not unreasonable to ask for help. by definition if you are on forum you are after help. Let’s all agree any help is a spoiler for some. We all get fed up with PPL not bothering or being lazy but as a community we need to remember people are learning and come for help. I would consider myself experienced but jeez need help a lot, let’s all agree we should be helping each other without giveaways. this box is a good example! I have seen posts (since removed) that have help and have seen criticism of that person. Sorry forgot my rant a little. Basically forums should be used for help, clues should be used. If you don’t want spoilers don’t visit forum!

Awesome

I don’t mind giving clues and subtle hints along the way. We’re all here to learn, and I don’t have a problem giving hints.

Even if you give out complete steps to compromise boxes along with how certain things work, hopefully, it makes people think. How did this work? Oh, ok. Wow. I learned something.

We are here to share, in my opinion.

Nice spoken. I am a rooky and this is my 6th box. I am glad if I ask for a hint and get help. But I ask only after hours/days without success and I explain what I did till this point. Till now the people here gave me good hints like "watch the video xyz or research xyz. I dont want the solution, only a kick in the right direction. For the spoiler we can use PM.
Happy hunting

@r3no said:
This machine was fun :slight_smile: :+1:
Rooted

The only thing is, it is currently slow even in VIP. Sometimes you really need to reset it for something to work. Once you do, it will take about 10 minutes for everything to go back to normal so don’t re-reset if you didn’t see what you were looking for before the 1st reset

I agree, even on VIP this box is under resourced, takes a good 10 mins from a reset for everything to come back up in order to pivot.

What a box though. It felt like it would never end, but I learned so much from it.

I checked a certain log file multiple times. I see a port open on the vault with a specific command in the scan, I’ve seen the command n***t with parameters --s-e**c , but it keeps hanging then on the box. I’m stuck at this point. Someone would like to help me a bit? I don’t want solutions, I would like directions, so I can learn and understand the method :slight_smile:

i found directory to upload image file which contain reverse shell, but it didint work, please give me hint

@banteng999 said:
i found directory to upload image file which contain reverse shell, but it didint work, please give me hint

Read previous posts, there are already hints for this part.

Nice one, got root. This one is a goldielocks box, not too easy, not too hard, just a nice bit of evening fun.

@sfox0x01 said:
Can anyone pm me pls for initial foothold? Enumerating for hours but not able to find anything.

Lol. Nevermind. Got 404 for over an hour using the correct folder. Now getting 403

I too faced it. Even name resolution server goes down sometimes.

Hello everyone.
Someone could help me out of DN *, I saw the file log found the command nc * with the ip of vault along with the open door, someone can make me a pm and maybe it helps me explaining how to get there? I’m a newbie and I would like to learn. I apologize for the horrible English

-do you give me confirmation that the configuration site gives problems? Thanks

@PsyXsouL said:
Rooted! Really awesome machine
and I don’t see any hints on the page for vault yet so here are few without spoiling it!!
For user find a place to upload something and then call it to get rev shell, check for listening ports and rest you are smart!
For root it’s very straightforward
Have a look at logs and you’ll find your way in!
Good luck!

found place to upload, but failed to get reveserse shell, do i need to change file type from php to jpeg?

rooted C:, learned a lot in this box.

I think this box has a lot of elements that OSCP lab has to offer (except for buffer overflow of course). I learned tons in this box, and especially like the pivoting aspect, very interesting in each step of the way to root. My brain actually hurts after non stop hacking. Thanks to @fjv and @roastymaus for providing invaluable hints.

i thought OSCP has 1 buffer overflow exploit?

.

You might be overthinking it. Have a look at its contents and see what you could do with that combined with the webpage.

first attempt at this box - found that first folder. Sneaky ! - made me laugh

Are others also having trouble with pivoting into the D** box? I have the correct approach and technique (I’ve gotten a shell twice), but it is incredibly unreliable. The exact same command, which worked a moment ago, copy/pasted to retry, doesn’t work.

Moreover, resetting the box on the dashboard doesn’t do anything. Eventually after waiting for 1.5 hours for it to reset, it reset – and then the same technique worked again, but only once.

What is going on with this box? Is it being hammered that much or do I have it wrong somehow? I don’t want to post what I’m trying in detail here, that’s obviously why I’m omitting details.

Edit: I overlooked the fact that there is an easy way back in, once you’ve gotten in once. That at least helps a lot. I was too eager and used the file in question to move onto the real target not realizing the same credentials gets you back into the D** box.

@raiden99 said:
Are others also having trouble with pivoting into the D** box? I have the correct approach and technique (I’ve gotten a shell twice), but it is incredibly unreliable. The exact same command, which worked a moment ago, copy/pasted to retry, doesn’t work.

Moreover, resetting the box on the dashboard doesn’t do anything. Eventually after waiting for 1.5 hours for it to reset, it reset – and then the same technique worked again, but only once.

What is going on with this box? Is it being hammered that much or do I have it wrong somehow? I don’t want to post what I’m trying in detail here, that’s obviously why I’m omitting details.

Also I am three days that I have the same problem, to have a shell wrapped I have to wait hours, and when I’m inside another reset part.

That was a fun env for sure. Nice !!

Hi there,
Is the on a rabbit hole? I could not find any way to leverage it. Or is the v*/s*** thing is the right way in?