Teacher

All I can say is this is a well-known CMS. Hint: "learning".
It is vulnerable to code injection.

Any hint for getting user? I have a shell but can't find anything to read the flag :/

@xeto said:
Any hint for getting user? I have a shell but can't find anything to read the flag :/

I'm in the exact same spot as you, currently digging around.

@Phrenesis2k said:

@Sekisback said:
Found hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found :grey_question:

Username is case sensitive. So try again. :wink:

According to my tests, it’s not.

@alrightalright said:
I’m missing something… Can't find where to log in. nmap isn't showing anything. Can't see anything with spider. Anyone drop me a hint? :tired_face:

Try gobuster.

@deleite said:

@Phrenesis2k said:

@Sekisback said:
Found hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found :grey_question:

Username is case sensitive. So try again. :wink:

According to my tests, it’s not.

It is case sensitive on the login page!

@Baikuya said:

@deleite said:

@Phrenesis2k said:

@Sekisback said:
Found hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found :grey_question:

Username is case sensitive. So try again. :wink:

According to my tests, it’s not.

It is case sensitive on the login page!

I managed to log in with ‘Gio*****’ and ‘gio****’ and the same password.

Hi, I got root.txt not the wildest way I expected. Someone please help me with root shell.

@Ruri said:
My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.

I don’t entirely agree with this, it’s a bit 50/50. Yes, the initial part is pretty silly and very, very CTF. The getting shell part is something that can happen in real life. Then the creator made another poor choice with how to get the password (very CTF again).
I can see the priv esc part happen in real life as well, because it is just poor scripting, which does happen a lot.

Rooted the box :slight_smile:

Interesting box … shell can be a bit of a time monster. However, I did like the priv esc.

@deleite said:

@Baikuya said:

@deleite said:

@Phrenesis2k said:

@Sekisback said:
Found hidden txt from G***, made a passlist with all chars according to the txt. Used his first name as user. Tried it with hydra and burp. Nothing found :grey_question:

Username is case sensitive. So try again. :wink:

According to my tests, it’s not.

It is case sensitive on the login page!

I managed to log in with ‘Gio*****’ and ‘gio****’ and the same password.

Someone changed creds then. You were lucky.

Any hint on root? Can’t find ‘running prog’ everyone’s mentioning.

Edit: thanks to @jkr, moving on.

I think someone put the root and user flag readable for everyone.

Now that I get the box, I understand that this is one of the great defects of this box. I’m sure that many, like me, will end up getting the flag effortlessly because of this.

What is wrong with this box? The commands which worked before are not giving an RCE anymore.

@zombie said:
What is wrong with this box? The commands which worked before are not giving an RCE anymore.

Try changing the name of your parameter.

@Ruri said:
My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.

Spoiler Removed - egre55

Spoiler Removed - egre55

I’ll grant you that the rest of the box was much more interesting, after I completed it. I was just very frustrated with the initial portion.

@Ruri said:

@kindred said:

@Ruri said:
My advice for everyone is just to move on to another box. This is a complete CTF nightmare factory and is not realistic in any sense of the word. If you’re prepping for OSCP or trying to hone real-life pentesting skills, you are wasting your time here.

The only CTF-y part is the initial text file playing as an image file. Everything else is pretty interesting, and the RCE in particular was pretty difficult to get right.

I’ll grant you that the rest of the box was much more interesting, after I completed it. I was just very frustrated with the initial portion.

Yeah, I found it pretty quickly by accident so I didn’t mind it too much, but I had the exact feeling you have for this box with Frolic; just pointless, CTF-y nonsense imo.

I’m trying to be an evil teacher but can’t get the reverse shell. Someone plz PM me. Thanks!!