Vault

Hello everyone.
Someone could help me out of DN *, I saw the file log found the command nc * with the ip of vault along with the open door, someone can make me a pm and maybe it helps me explaining how to get there? I’m a newbie and I would like to learn. I apologize for the horrible English

-do you give me confirmation that the configuration site gives problems? Thanks

@PsyXsouL said:
Rooted! Really awesome machine
and I don’t see any hints on the page for vault yet so here are few without spoiling it!!
For user find a place to upload something and then call it to get rev shell, check for listening ports and rest you are smart!
For root it’s very straightforward
Have a look at logs and you’ll find your way in!
Good luck!

found place to upload, but failed to get reveserse shell, do i need to change file type from php to jpeg?

rooted C:, learned a lot in this box.

I think this box has a lot of elements that OSCP lab has to offer (except for buffer overflow of course). I learned tons in this box, and especially like the pivoting aspect, very interesting in each step of the way to root. My brain actually hurts after non stop hacking. Thanks to @fjv and @roastymaus for providing invaluable hints.

i thought OSCP has 1 buffer overflow exploit?

.

You might be overthinking it. Have a look at its contents and see what you could do with that combined with the webpage.

first attempt at this box - found that first folder. Sneaky ! - made me laugh

Are others also having trouble with pivoting into the D** box? I have the correct approach and technique (I’ve gotten a shell twice), but it is incredibly unreliable. The exact same command, which worked a moment ago, copy/pasted to retry, doesn’t work.

Moreover, resetting the box on the dashboard doesn’t do anything. Eventually after waiting for 1.5 hours for it to reset, it reset – and then the same technique worked again, but only once.

What is going on with this box? Is it being hammered that much or do I have it wrong somehow? I don’t want to post what I’m trying in detail here, that’s obviously why I’m omitting details.

Edit: I overlooked the fact that there is an easy way back in, once you’ve gotten in once. That at least helps a lot. I was too eager and used the file in question to move onto the real target not realizing the same credentials gets you back into the D** box.

@raiden99 said:
Are others also having trouble with pivoting into the D** box? I have the correct approach and technique (I’ve gotten a shell twice), but it is incredibly unreliable. The exact same command, which worked a moment ago, copy/pasted to retry, doesn’t work.

Moreover, resetting the box on the dashboard doesn’t do anything. Eventually after waiting for 1.5 hours for it to reset, it reset – and then the same technique worked again, but only once.

What is going on with this box? Is it being hammered that much or do I have it wrong somehow? I don’t want to post what I’m trying in detail here, that’s obviously why I’m omitting details.

Also I am three days that I have the same problem, to have a shell wrapped I have to wait hours, and when I’m inside another reset part.

That was a fun env for sure. Nice !!

Hi there,
Is the on a rabbit hole? I could not find any way to leverage it. Or is the v*/s*** thing is the right way in?

@Zoakish said:
Hi there,
Is the o**n a rabbit hole?

No

Anyone willing to give a hint (PM) on file upload? Genuinly stuck, have researched several things and tried even more, can’t seem to get it working.

@Center said:
Anyone willing to give a hint (PM) on file upload? Genuinly stuck, have researched several things and tried even more, can’t seem to get it working.

You may not need file upload. There are other options.

got root on 192…4 DNS box.
there are:
1…n s…sh
Please pm for direction what do to with these files…

.

.

@dunnomilton said:
Please pm for direction what do to with these files…

Read them.

Then you need to find a way to use what they say, so it would be good to treat the new boxes like any other new box and enumerate. Find out what ports are open (net cat can be used as a portscanner if you cant get nmap on it) and then enumerate them.

Once you do this, you will find the thing you need to use the files you’ve found.

@evandrix said:
is the credentials to access 192.168.122.4/5 on the host 10.10.10.109?

Have you checked if you need credentials?