Teacher

Feel free to PM me if you are running into issues.

please help me ! I cant find anything . I try something but isnt work .

i’m stuck i can’t find password , I’ve looked through every folder that gobuster found

@xeto said:
To save hours of time… Do we have to get evil?

Yes, you have to be an evil teacher.

What a journey, finally rooted it…

So this was an annoying but fun machine to play around with. Like most people I am not a fan of how the password is found, if it was setup a little differently then it would have been less frustrating for most.

The key to this machine, IMO, is enumeration and lots of it. It helps with initial foothold/user/root.

I did like the Priv Esc method, that was something I did not know and now have in my knowledge base…

Cheers.

Hi, I am trying to brute force what you have to, but I keep getting 303 http responses. What am I missing? I tried to revert the machine, but that didn’t work either :frowning:
Help is very appreciated

During your privesc,> @AlexanderNagy said:

Hi, I am trying to brute force what you have to, but I keep getting 303 http responses. What am I missing? I tried to revert the machine, but that didn’t work either :frowning:
Help is very appreciated

Hydra will brute force the password just fine. Set the failure message appropriately. No response code filtering required (unlike some of the hints in here would suggest…). Make sure you have a pre-generated list with all the possibilities first (good opportunity to brush up on your bash script skills).

Now stuck on root, probably some obscure trick to this…

Am i missing something crucial? i am still struggling to get user even though i have shell for a while, this machine doesn’t really feel like 20 points.

Nevermind, i found what i was missing.

Hint for initial credentials: After looking throught thousands of m****e files, i wouldn’t ever imagine myself finding it where it was.

Hint for user: To have an easier time with priv escs, create a file called my_privesc, and write a todo list on it. Do the steps sequentially, so you dont miss anything.

Hi, could I PM someone about the initial logon. Got the user and the password -1 but tried to apply custom dictionary to use on the form with hydra and burp with the amended possibilities. changed the failed response to mirror the form I either find 16 possibilities or none, the occassional red herring, I’m stumped, even changed for the varying case for username and possible typo for password… many thanks

Edited: thank you to those who responded +1, onto user now

Hi mates, I got the credentials, but i have problems during the logging, i am continuously being disconnected, does anyone have the same problem? i cannot maintain the session open!!

Thanks @opt1kz !
R00ted… had a ■■■■ of a time with priv esc by making assumptions.

Could some one please help me out with the initial credentials, I must be missing something obvious. I don’t think I can bring my self to trawl through the dirbuster and skipfish outputs again…

Edit: as predicted, thank you @jkr

@numbfrank said:
Could some one please help me out with the initial credentials, I must be missing something obvious. I don’t think I can bring my self to trawl through the dirbuster and skipfish outputs again…

Same boat.

@tiger5tyle said:

@numbfrank said:
Could some one please help me out with the initial credentials, I must be missing something obvious. I don’t think I can bring my self to trawl through the dirbuster and skipfish outputs again…

Same boat.

PM me

still can’t figure out the password. what’s that last character? is brute-forcing really is the way to do this? tried all the clues i have found near the error…

EDIT: found it

Could someone pm me about the privesc? Im pretty sure I’m on the right track, but nothing seems to work.

While creating the box I was thinking whether to make the box realistic or original. So yes, I’m aware that the the way of finding the first password is highly unrealistic. But nonetheless, I hope people will learn something new.

After some enumeration and finding nothing useful, i came to get a nudge. It seems this is one machine to skip, because i prefer technical attack vectors that are at least close to “real world” situations. The moment i read that some guys are reading 2000+ files to find something hidden somewhere just putting me off instantly. I not blame the creator but it is just my 2cents.

@Warlord711 said:
After some enumeration and finding nothing useful, i came to get a nudge. It seems this is one machine to skip, because i prefer technical attack vectors that are at least close to “real world” situations. The moment i read that some guys are reading 2000+ files to find something hidden somewhere just putting me off instantly. I not blame the creator but it is just my 2cents.

These guys failed in first step of enumeration and jumped directly to step 3 or later. Because of that, they are missing step 2.

Many others failed in using tools properly. Don´t be skid bashing commands and try to understand what is your target, why some things are happening and why you see what you see.