Chaos

The machine is very CTF…
I would prefer machines that actually test our pen-testing abilities…

rooted.
This machine just got my dislike.
The initial entry is CTF like.

The actual www-data & user is nice and the bypass is also nice.

The root was stupid for obvious reasons.

I can’t found the credentials, is too obvious ? because i am reading all things line per line but i don’t see anything yet.

I’m stuck trying to force a round object into a cube shaped one I think. lol. still can’t log in :lol:

I can’t found the credentials, is too obvious ? because i am reading all things line per line > but i don’t see anything yet.

Its way, way too obvious. Just make sure you are looking for the right credentials

@FlameOfIgnis said:

I can’t found the credentials, is too obvious ? because i am reading all things line per line > but i don’t see anything yet.

Its way, way too obvious. Just make sure you are looking for the right credentials

Thanks for your answer, i will be patient with this xD

Need a hand with the decoding of file. pm pls if anyone can help

Nope… not finding these elusive creds.

Currently trying to decode, if anyone is willing please PM me for a hint :smiley:

guys I got the creds alrdy . and now Im trying to get webmail server.

any hint would much appreciated!

Edit: Spoiler :D, Sorry guys

I’m stuck. Found w****n and creds but don’t know what to do. Please PM.

@ferreirasc said:
Hints for privesc? I’m looking for juicy information inside .mo*****…

Am I in the right path? :expressionless:


something strange happened , i got user flag and submitted it but in progress bar no changes happened. it was zero before the flag and zero after the flag. can someone explain this to me?? :slight_smile:

Rooted

Root
For me it was not so obvious or logical to get root, in fact it was something weird but in the end it makes some sense.

Clue: It seems that the user left unprotected things out there, it’s a kind of time travel with the f*x

It should be enough, but just in case, the root is focused on W*****

Rooted.

I do not know what to think of this box.

Several foolish steps and other interesting … :expressionless:

Thx guys for the directions.

Tip for privesc: The path to root is in front of you. Focus on the files that your user owns. Remember well all the passwords obtained throughout the process. They can be important in several steps.

If there is any spoiler here… feel free to edit my post :slight_smile:

can anyone PM with links that helps in understanding how to decrypt the file ??

I’m stuck. Found w****n and creds but don’t know what to do. Please PM.

Rooted…

This machine is rated easy, not because it is straightforward, but because it does not require any advanced knowledge in pen testing…

I don’t, however, think it will add much knowledge to a beginner trying to learn…

Most of the steps do not require complicated solutions, but rather looking around and eliminating potential solutions one by one until the right one is left.

If you are stuck, need a little help, or need just a nudge in the right direction, PM me and I’ll be glad to help :slight_smile:

I have mixed feelings with this box. The privesc was very straightforward and is likely something you’d see someone do in a real world scenario, but the initial foothold was just odd. PM me if you are totally stuck and need a nudge, but the hints in this thread are very helpful.