Frolic

@avetamine said:
As far as the idk**** password enumerate AGAIN with gobuster/dirb/dirbuster or your favorite guess the dirs tool sometimes this box needs reset as it returns 500’s for unknown reason, just reset it

Is this comment correct? Can someone else confirm that there is a problem with this box? I am stuck at the same point.

what do you mean?

@Akumu said:

@avetamine said:
As far as the idk**** password enumerate AGAIN with gobuster/dirb/dirbuster or your favorite guess the dirs tool sometimes this box needs reset as it returns 500’s for unknown reason, just reset it

Is this comment correct? Can someone else confirm that there is a problem with this box? I am stuck at the same point.

If you get this error reset the box. This means you spammed too hard.

@nawespet said:
Hey could anyone give me a hint for where to use the idk***** password (where to find a username??).
I understand I need to be looking through http enum but I have not found anything (I found a username and password that doesn’t seem to get into anything)…

There’s a file that refers to what page you need to go to. Make sure to run dirbusters on the sub-directories too, not just the root directory of the web server.

I’ve logged in to the application and further search shows two vulns which could be used. However I’m having difficulty in getting it to work. Any clues would be helpful.

Would anyone be willing to PM help for priv esc? I have followed the steps in Introduction to return oriented programming (ROP)
And I believe what I have done is correct (or near it) but just can’t seem to make it work…
EDIT: NVM got root

I know how to exploit pl****S app and read file system, I can even read user flag, but not sure how to proceed, reading files in /home/someuser directory does not help (or I’m missing something), there’s one file with SETTINGS and some hashes inside but JTR, hashcat and crackstation can’t crack them…

EDIT: Metasploit is failing with error: “Could not determine CSRF tolken”
EDIT: error is arguments… works now…

Rooted a while ago. If someone needs help feel free to PM me.

plz help me…after login the crack me page…i have decoded that language but don’t know where to use it.

@pardeep1211 said:
plz help me…after login the crack me page…i have decoded that language but don’t know where to use it.

Enumerate more. Try different tools with different capabilities. You will find what you are searching for in the end. :)

Rooted. User was a complete CTF. I found priv-esc to be comparatively easy. Have fun guys!!!

Need help regarding rop. I got the system, exit, libc. So do we need offset as well? this is my first ROP. little bit confused. Saw the Oc**br IPPSec video. In that ASR enabled. So here it’s not there. so got confused.
Any hints here? Thanks in advance.

Logged into pl*****s site. worked around the csv file. Please PM how to get user

@sesha569 said:
Need help regarding rop. I got the system, exit, libc. So do we need offset as well? this is my first ROP. little bit confused. Saw the Oc****br IPPSec video. In that ASR enabled. So here it’s not there. so got confused.
Any hints here? Thanks in advance.

Got root. PM me if you need hints.

Feel free to PM me if you’re struggling with the priv esc.

AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.

Thx to IPPSEC for this video

At first hated the box, don’t like CTF. But after user and one hour watching IPPSEC’s video, another hour to repeat and train this. I wrote this in less than 10 minutes

@Sekisback said:
AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.

Thx to IPPSEC for this video

At first hated the box, don’t like CTF. But after user and one hour watching IPPSEC’s video, another hour to repeat and train this. I wrote this in less than 10 minutes

Same feeling as you :D

But for user I couldn’t have a shell as I want it but it worked in the end of the day

I am sooo close getting root! Is anyone available for PM?

EDIT: Solved

Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however did not find anything valuable in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however did not find anything valuable in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?

The output isn’t completely random - read about Magic Numbers :)
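
What the reply above points at, as an added example that is not part of the thread: decoded output that prints as "random symbols" is often a binary file, and its leading bytes (the magic number) name the format. The sample input is constructed here; using a ZIP archive for it is an assumption made for illustration, and all function names are hypothetical.

```python
import base64
import binascii
import io
import zipfile

# Leading-byte signatures ("magic numbers") for a few common formats.
MAGIC = [
    (b"PK\x03\x04", "zip archive"),
    (b"\x1f\x8b", "gzip stream"),
    (b"BZh", "bzip2 stream"),
    (b"\x7fELF", "ELF binary"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"%PDF-", "PDF document"),
]

def decode_b64(text):
    """Decode base64 copied from a page: drop whitespace, repair padding."""
    compact = "".join(text.split())
    compact += "=" * (-len(compact) % 4)
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error:
        return None  # not valid base64 at all

def identify(blob):
    """Return the format whose signature the blob starts with."""
    for sig, name in MAGIC:
        if blob.startswith(sig):
            return name
    return "unknown"

def make_sample():
    """Constructed sample: a one-file ZIP, base64-encoded and line-wrapped."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.php", "<?php /* constructed sample */ ?>")
    b64 = base64.b64encode(buf.getvalue()).decode()
    return "\n".join(b64[i:i + 40] for i in range(0, len(b64), 40))

def triage(text):
    """Decode, then report the format, the first four bytes and filename hits."""
    blob = decode_b64(text)
    if blob is None:
        return {"type": "not base64"}
    return {"type": identify(blob), "head": blob[:4].hex(),
            "name_hits": blob.count(b"index.php")}

if __name__ == "__main__":
    print(triage(make_sample()))
```

In the constructed ZIP the stored filename shows up twice because the format records it in both the local file header and the central directory, so readable names scattered through otherwise unprintable bytes are a sign of a container format rather than a failed decode.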