Teacher

I found anything. Please help me !

Just to save you guys from wasting hours going through unnecessary files, to find the pass… you don’t need gobuster to find the page necessary.

trouble with the quiz since 6 hours someone willing to discus via pm or better chat?

@Sekisback said:
trouble with the quiz since 6 hours someone willing to discus via pm or better chat?

same here, didnt work at all following the video

Ugh, for all of you trying to get an initial foothold, run Spoiler Removed - egre55 on the main site. One of these files is … “wrong”…

To save hours of time… Do we have to get evil?

These systems that require a re-exploitation to achieve simple access are downright obnoxious. Yea I get it a lot of hackers have no social life but I do and stepping away shouldn’t mean redoing work. Just make creds easier to get and allow ssh or something…

Getting user was harder than root… i didn’t know that it was possible to do what it was doing… learn something new everyday I guess…

@meowzilla said:

@Sekisback said:
trouble with the quiz since 6 hours someone willing to discus via pm or better chat?

same here, didnt work at all following the video

Did you see “this-is-an-exploit-prevention” ?

a hint when going for root; once you find the thing that you think you can use to escalate your privileges, dont start (like I did) by trying to escalate your privileges assuming you know exactly whats happening. instead start by asking yourself, what can be doing the behavior i see? search for that thing everywhere, and you might just find it. from there the priv esc. possibilities crack wide open (lots of different methods once you know exactly what is going on).

@SW4gb3JkZXIgdG said:
oh man that was a lame way to get user password. its just a game of hide and seek that doesnt make any real world sense.

hint look at every file on every site. if a file doesnt open when you expect it to, find out why not.

like pages w/ @@ ^ ?

Feel free to PM me if you are running into issues.

please help me ! I cant find anything . I try something but isnt work .

i’m stuck i can’t find password , I’ve looked through every folder that gobuster found

@xeto said:
To save hours of time… Do we have to get evil?

Yes, you have to be an evil teacher.

What a journey, finally rooted it…

So this was an annoying but fun machine to play around with. Like most people I am not a fan of how the password is found, if it was setup a little differently then it would have been less frustrating for most.

The key to this machine, IMO, is enumeration and lots of it. It helps with initial foothold/user/root.

I did like the Priv Esc method, that was something I did not know and now have in my knowledge base…

Cheers.

Hi, I am trying to brute force what you have to, but I keep getting 303 http responses. What am I missing? I tried to revert the machine, but that didn’t work either :frowning:
Help is very appreciated

During your privesc,> @AlexanderNagy said:

Hi, I am trying to brute force what you have to, but I keep getting 303 http responses. What am I missing? I tried to revert the machine, but that didn’t work either :frowning:
Help is very appreciated

Hydra will brute force the password just fine. Set the failure message appropriately. No response code filtering required (unlike some of the hints in here would suggest…). Make sure you have a pre-generated list with all the possibilities first (good opportunity to brush up on your bash script skills).

Now stuck on root, probably some obscure trick to this…

Am i missing something crucial? i am still struggling to get user even though i have shell for a while, this machine doesn’t really feel like 20 points.

Nevermind, i found what i was missing.

Hint for initial credentials: After looking throught thousands of m****e files, i wouldn’t ever imagine myself finding it where it was.

Hint for user: To have an easier time with priv escs, create a file called my_privesc, and write a todo list on it. Do the steps sequentially, so you dont miss anything.