@avetamine said:
As far as the idk**** password enumerate AGAIN with gobuster/dirb/dirbuster or your favorite guess the dirs tool sometimes this box needs reset as it returns 500’s for unknown reason, just reset it
Is this comment correct? Can someone else confirm that there a problem with this box? I am stack at the same point.
@avetamine said:
As far as the idk**** password enumerate AGAIN with gobuster/dirb/dirbuster or your favorite guess the dirs tool sometimes this box needs reset as it returns 500’s for unknown reason, just reset it
Is this comment correct? Can someone else confirm that there a problem with this box? I am stack at the same point.
If you get this error reset the box. This means you spammed too hard.
@nawespet said:
Hey could anyone give me a hint for where to use the idk***** password (where to find a username??).
I understand I need to be looking through http enum but I have not found anything (I found a username and password that doesn’t seem to get into anything)…
There’s a file that refers to what page you need to go to. Make sure to run dirbusters on the sub-directories too, not just the root directory of the web server.
I’ve logged in to the application and further search shows two vulns which could be used. However i’m having difficulty in getting it to work. Any clues would be helpful.
Would anyone be willing to PM help for priv esc? I have followed the steps in Introduction to return oriented programming (ROP)
And I believe what I have done is correct (or near it) but just can’t seem to make it work…
EDIT: NVM got root
I know how to exploit pl****S app and read file system, I can even read user flag, but not sure how to proceed, reading files in /home/someuser directory does not help (or I’m missing something), there’s one file with SETTINGS and some hashes inside but JTR, hashcat and crackstation can’t crack them…
EDIT: Metasploit is failing with error: “Could not determine CSRF tolken”
EDIT: error is arguments… works now…
Need help regarding rop. I got the system, exit, libc. So do we need offset as well? this is my first ROP. little bit confused. Saw the Oc**br IPPSec video. In that ASR enabled. So here it’s not there. so got confused.
Any hints here? Thanks in advance.
@sesha569 said:
Need help regarding rop. I got the system, exit, libc. So do we need offset as well? this is my first ROP. little bit confused. Saw the Oc****br IPPSec video. In that ASR enabled. So here it’s not there. so got confused.
Any hints here? Thanks in advance.
AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.
Thx to IPPSEC for this video
At first hated the box, dont like CTF. But after user an one hour watching IPPSEC’s video, another hour to repeat and train this. I wrote this in less then 10 minutes
@Sekisback said:
AWESOMMME i am willing to touch myself. I wrote my first buff_ovrflw and got root.txt with the first shot.
Thx to IPPSEC for this video
At first hated the box, dont like CTF. But after user an one hour watching IPPSEC’s video, another hour to repeat and train this. I wrote this in less then 10 minutes
Same feeling as you
But for user I couldn’t have a shell as I want it but it worked in the end of the day
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?
@c0uldb3 said:
Hello,
I have found two credentials, decoded first part of code (…!?!) and stuck on the second (looks like ba4).
Used ba4 decoders, however nothing valuable did not find in the output. Only random symbols and two times index.php.
Could you pls give a hint how to decode second part of code?
The output isn’t completely random - read about Magic Numbers