Vault

I need some hints, anyone PM me :anguished:

I am on D**, and I am completely flummoxed as to how to get over to V****. I see the two closed ports. Anyone feel like DMing me a pointer or two? I’m out of ideas.

EDIT 1: Taking a closer look at a certain log file…

EDIT 2: Ooooh! It looks like I connected… Which is strange since I tried using a similar thing with nmap earlier with no success.

EDIT 3: Yep, I’m in. All the info you need is indeed in the logs, not necessarily in the user directories or anything.

The box is fun. I especially like the “box in a box” concept.
But I wonder about getting root.txt: I found it without being root on Vault, even after reset. I assume this is the intended way but would like to know if someone was able to get root on the box, or if I was just lucky (at least 2 times :wink:)

I’ve some trouble with shell upload. I tried some ways… if I upload a wrong file I get an error message, but if I try another the page is like stuck without any message. Is it normal?

edit: rooted
This thread is full of hints already, but giving my two cents:
User: Up to the first reverse shell it’s really straightforward. You then start enumerating everything, you’ll find your way. Read the files and learn lateral movement.

Root: Easier to find, trickier to get. You’ll need to research and to pay more attention to details. One hint is to write down everything you find since the beginning, you never know when or how you might need it.

I’m root on D**…cannot find any root.txt…any hint???

@BlackArrow said:
I’m root on D**…cannot find any root.txt…any hint???

You have got another box to go yet…

Fucking awesome box again. It was funny but I don’t want to see it again!!!

My hints:

User: don’t overthink as I did. Enumerate file upload extensions. Read this article https://netsec.ws/?p=278 (feel free to report if it was a spoiler). If you find another service just enumerate again (from the beginning like a new machine), but don’t touch too much or you will lose the information. Be fucking happy.

Root: everything is here, so follow instructions. Read the logs, read everything. Copy and paste in a smart way. At this point you are close, all you need is in the initial machine. And again, be fucking happy.

Feel free to report as a spoiler.

got root thanks @CHUCHO for the hints on tunneling!!!

@IteXss said:
got root thanks @CHUCHO for the hints on tunneling!!!

ssh tunneling not working here…■■■■ my syntax

I would really appreciate it if someone could PM me and has time to explain to me what the objective of SSH tunneling really is. I’ve read through several posts but I really need question-specific answers :slight_smile: Thanks in advance

Google Dynamic Port Forwarding (SSH) and you shall receive

Got user! Big thank you to @CHUCHO and @IteXss. People with VIP should pay attention in case they don’t get the results that they expect by following the clues. They might need to change servers, especially if it has to do with port 80!

Hi, I need help with the reverse shell. Nothing I’ve tried has worked. I want to ask several questions to see if I can understand what I’m doing wrong.

Got user as well. Now in machine D*S, do I privesc here or is there another pivot I need to do?

I’ve already got it to work

Stuck on g** file… don’t know how to decrypt it. Please DM

Alright, got root.txt, but how to get the root shell?

Is it common to get root before user on this box? Seemed too easy to get root, maybe I found something that I wasn’t supposed to? :confused:

I’ve got user on main box, got my way through on “inner box”, got my way through on “safe box”.
I know what the g** file is… thanks to Google :smiley:
Any hint on how to transfer this g** from “safebox” to “innerbox”? It keeps getting "port 22: Connection timed out"

Edit: GOT ROOT