Teacher

I cannot for the life of me figure out what the username is and it’s probably something very obvious that I’m just not seeing…

Hint for Root: Steppenwolf - Born To Be Wild (Easy Rider) (1969) - YouTube

@ChillPenguin said:

Has anyone gotten around the “Cannot get the specified dataset…” issue when trying to RCE?

I too would LOVE to know how to fix this dataset thing

I didnt get that error. if you have the right POC its just a matter of reading the writeup and then using the right sequence of events. made pretty clear in the POC video

I’m working on getting user. if I have a shell that doesnt mean I have user.txt right? or am I just not seeing it?

@SW4gb3JkZXIgdG said:

@ChillPenguin said:

Has anyone gotten around the “Cannot get the specified dataset…” issue when trying to RCE?

I too would LOVE to know how to fix this dataset thing

I didnt get that error. if you have the right POC its just a matter of reading the writeup and then using the right sequence of events. made pretty clear in the POC video

I’m having sort of the opposite issue. No errors, but also no execution. I know exactly which video you’re talking about and did everything the same.

Cannot seem to find any hint of a password on the teacher site. I’ve looked through every little obscure folder that gobuster found, no luck. A tip would be appreciated

@opt1kz said:

@SW4gb3JkZXIgdG said:

@ChillPenguin said:

Has anyone gotten around the “Cannot get the specified dataset…” issue when trying to RCE?

I too would LOVE to know how to fix this dataset thing

I didnt get that error. if you have the right POC its just a matter of reading the writeup and then using the right sequence of events. made pretty clear in the POC video

I’m having sort of the opposite issue. No errors, but also no execution. I know exactly which video you’re talking about and did everything the same.

You may need to reset the box and try again. It’s possible maybe somebody else ran a command that hosed it? Always run and confirm ping works first before you get crazy with RCE. Dont forget to limit ping to 1 (or else it runs forever).

@legerdemain said:
Cannot seem to find any hint of a password on the teacher site. I’ve looked through every little obscure folder that gobuster found, no luck. A tip would be appreciated

Look again. Open every file you find. If you cant open it, try to find out why you can’t (or try to open it another way). Dont limit your search to the teachers site either.

I’m working on getting user. if I have a shell that doesnt mean I have user.txt right? or am I just not seeing it?

Answering my own question; having a shell doesnt imply user. More digging gets you what you need.

Rooted last night. Fun box, although the user creds thing was a little unrealistic.

Thanks @Gioo!

enumerating from almost 2 hours, still failed to get password, where it is hidden? some comments says password is hidden somewhere on a file so i opened every file but most of them are not accessable, tried those files in another way but still BLANK :frowning: who says this is easy machine it could be but it is really confusing machine just it seems easy…

EDIT :- really weird machine just look all directories thanks to @salute101 and @tvgdb :slight_smile: now it seems very easy

@Laegir said:
Hint for Root: https://youtu.be/egMWlD3fLJ8

I just rooted this box and i don’t get this hint at all…

I have been enumerating since yesterday. There’s a ton of files which I looked at. Still can’t find any credentials. Can anyone give a hint?

@shortdevil101 said:
I have been enumerating since yesterday. There’s a ton of files which I looked at. Still can’t find any credentials. Can anyone give a hint?

In the same boat, any hints?

@Phrenesis2k said:

@Laegir said:
Hint for Root: https://youtu.be/egMWlD3fLJ8

I just rooted this box and i don’t get this hint at all…

Well, it depends. If you just want to read the flag then you don’t need to use the hint, so I think this is meant for those who are going for the root shell, which took me a while to figure the right steps.

@shortdevil101 It’s hidden in the masses. The filename does not stand out. The post by @SW4gb3JkZXIgdG already contains what you need.

[…] hint look at every file on every site

Taking a look what’s happening on the client side might help, too.

@fjv said:

@Phrenesis2k said:

@Laegir said:
Hint for Root: https://youtu.be/egMWlD3fLJ8

I just rooted this box and i don’t get this hint at all…

Well, it depends. If you just want to read the flag then you don’t need to use the hint, so I think this is meant for those who are going for the root shell, which took me a while to figure the right steps.

I rooted it with shell… i’ll pm you, i’m getting curious now… :wink:

@prokaryont said:
@shortdevil101 It’s hidden in the masses. The filename does not stand out. The post by @SW4gb3JkZXIgdG already contains what you need.

[…] hint look at every file on every site

Taking a look what’s happening on the client side might help, too.

It DOES stand out if you look at the right place.

■■■■! error database connection failed

I’m still not having any luck with getting logged in… I’ve tried the name at the bottom of the message where the password is but that didn’t work even when I tried bruteforcing it by adding a character to the end of the password but unless its using a character not available on keyboards normally then I don’t know…

@Richie said:
I’m still not having any luck with getting logged in… I’ve tried the name at the bottom of the message where the password is but that didn’t work even when I tried bruteforcing it by adding a character to the end of the password but unless its using a character not available on keyboards normally then I don’t know…

check your http response codes, you might need to think about how this works :wink:

So I found the hidden credentials but not finding where to apply them, is the login hidden? Do I need to do some more enumeration?

@ikuamike said:
So I found the hidden credentials but not finding where to apply them, is the login hidden? Do I need to do some more enumeration?

yes