@Ruri said:
This box is cancerous. I don’t know what magical file people are seeing with credentials, but I’ve been through about a thousand of them and seen absolutely nothing. Super fun vector.
Carefully check the sources and you will be just fine…
I just found it. I maintain my last position: this box is cancerous. That was the stupidest vector I’ve found in all the time I’ve been doing this. I now see the little “hint”, but I maintain that this was idiotic and unrealistic.
Finally rooted! This machine is very unstable with all the resets… Some hints to help:
-For initial foothold:
Pay attention to everything you see on the site, no need for gobuster, just think like you have OCD… and then be a little “evil”.
-For user:
Can’t give much away without a spoiler, just try to be user G**.
-For root:
Find something that runs, try to understand what capabilities this program gives you and where it moves something, and use this to get your root!
Hope this was helpful and not a spoiler!
My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.
Does anyone have any hints for me? I can reach 10.10.10.153 fine but the web app I can’t get anything. Was having no problem yesterday. I reset my access config file for OpenVPN but still nothing…
@Sekisback said:
Found a hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found.
@alrightalright said:
I’m missing something… Can’t find where to log in. nmap isn’t showing anything. Can’t see anything with spider. Anyone drop me a hint?
@Sekisback said:
Found a hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found.
Username is case sensitive. So try again.
According to my tests, it’s not.
It is case sensitive on the login page!
I managed to log in with ‘Gio*****’ and ‘gio****’ and the same password.
@Ruri said:
My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.
I don’t entirely agree with this, it’s a bit 50/50. Yes, the initial part is pretty silly and very very CTF. The getting shell part is something that can happen in real life. Then the creator made another poor choice with how to get the password (very CTF again).
I can see the priv esc part happening in real life as well, because it is just poor scripting, which does happen a lot.
@Sekisback said:
Found a hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found.
Username is case sensitive. So try again.
According to my tests, it’s not.
It is case sensitive on the login page!
I managed to log in with ‘Gio*****’ and ‘gio****’ and the same password.
I think someone put the root and user flag readable for everyone
…
Now that I get the box, I understand that this is one of the great defects of this box. I’m sure that many, like me, will end up getting the flag effortlessly because of this.