Teacher

@nawaronin said:
Got root. Tips on this forum, however, lead me a little bit in the wrong way…

That’s our job. Lure people into the wrong direction. :naughty:

I hate some users who keep on destroying the site, resetting the box, and deleting the databases!

This box is cancerous. I don’t know what magical file people are seeing with credentials, but I’ve been through about a thousand of them and seen absolutely nothing. Super fun vector.

@Ruri said:
This box is cancerous. I don’t know what magical file people are seeing with credentials, but I’ve been through about a thousand of them and seen absolutely nothing. Super fun vector.

Carefully check the sources and you will be just fine…

@dxaxpanda said:

@Ruri said:
This box is cancerous. I don’t know what magical file people are seeing with credentials, but I’ve been through about a thousand of them and seen absolutely nothing. Super fun vector.

Carefully check the sources and you will be just fine…

I just found it. I maintain my last position: this box is cancerous. That was the stupidest vector I’ve found in all the time I’ve been doing this. I now see the little “hint”, but I maintain that this was idiotic and unrealistic.

Is anyone else having trouble with accessing the site?

EDIT: Do the credentials for the webapp change when the box is reset? My creds aren't working anymore

EDIT2: Reaaaaaaly struggling with box stability. It's up for 2 mins then down for like 10, no one else experiencing this?

Finally rooted! This machine is very unstable with all the resets… Some hints to help:
- For initial foothold:
Pay attention to everything you see on the site, no need for gobuster, just think like you have OCD… and then be a little “evil”.
- For user:
Can’t give much away without a spoiler, just try to be user G**.
- For root:
Find something that runs, try to understand what capabilities this program gives you and where it moves something, and use this to get your root!
Hope this was helpful and not a spoiler!

My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.

Does anyone have any hints for me? I can reach 10.10.10.153 fine but the web app I can't get anything. Was having no problem yesterday. I reset my access config file for openvpn but still nothing…

@alrightalright said:
Does anyone have any hints for me? I can reach 10.10.10.153 fine but the web app I can't get anything. Was having no problem yesterday. I reset my access config file for openvpn but still nothing…

If you are on free like me just be patient!

All I can say is this is a well-known CMS, hint: "learning".
It is vulnerable to code injection.

Any hint for getting user? I have a shell but can't find anything to read the flag : /

@xeto said:
Any hint for getting user? I have a shell but can't find anything to read the flag : /

I'm in the exact same spot as you, currently digging around

@Phrenesis2k said:

@Sekisback said:
Found hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found :grey_question:

Username is case sensitive. So try again. :wink:

According to my tests, it’s not.

@alrightalright said:
I’m missing something… Can't find where to log in. nmap isn't showing anything. Can't see anything with spider. Anyone drop me a hint? :tired_face:

try gobuster

@deleite said:

@Phrenesis2k said:

@Sekisback said:
Found hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found :grey_question:

Username is case sensitive. So try again. :wink:

According to my tests, it’s not.

It is case sensitive on the login page!

@Baikuya said:

@deleite said:

@Phrenesis2k said:

@Sekisback said:
Found hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found :grey_question:

Username is case sensitive. So try again. :wink:

According to my tests, it’s not.

It is case sensitive on the login page!

I managed to log in with ‘Gio*****’ and ‘gio****’ and the same password.

Hi, I got root.txt not the wildest way I expected. Someone please help me with root shell.

@Ruri said:
My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.

I don’t entirely agree with this, it’s a bit 50/50. Yes, the initial part is pretty silly and very very CTF. The getting shell part is something that can happen in real life. Then the creator made another poor choice with how to get the password (very CTF again).
I can see the priv esc part happen in real life as well, because it is just poor scripting which does happen a lot.

Rooted the box :slight_smile: