Chaos


Comments

  • @legerdemain said:
    Can't figure out where tf to find the w****il. Found the w***in, and the creds to the w****il, but no w****il.

    Where are these creds!?

  • I have user.txt!

    It's a fun machine, like Frolic you have to use a little creativity

    Initial Foothold:
    Enumerate as always with Nmap and Gobuster. When you get to the initial question, do not start using complex things; the answer is in front of you. For those who are stuck on w*****l, I advise my previous track in this thread; look well, that is the way. After this, only use Google and Python.

    If you can decode "that" then ... In the next part I had a little problem, and I did not see what I decoded. As always, you have to read what you have in front of your eyes. You will go to another paradigm, a T****** p** m****; use Google, it is not so complex to do. The most fun is in this part.

    User:
    It's quite simple: if you already have something that you got in the foothold, try using it on the machine again, maybe it will work.

    ....

    Looking for the root :bleep_bloop:

  • Stuck on root as well. I'm assuming it's more #GuessTheBox CTF crap. sigh

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • Lol no, what you need is right there in front of your nose. Don't you think it's weird that there's some data but the program that supposedly uses it isn't even installed?

  • The shitty hints are not helping. I have been scanning port 80, every NSE script, PCAPs, Burp, what a stupid box.

  • @fjv said:
    Lol no, what you need is right there in front of your nose. Don't you think it's weird that there's some data but the program that supposedly uses it isn't even installed?

    I just got it and no, that pretty much qualified as a perfect example of what I was talking about. That was a really decent hint, though, so thanks for that.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • edited December 2018

    Could someone please help me out on what to do when you get to the page with the long ass name? I saw the script, but I don't know how tf to interact with it.

  • @legerdemain said:
    Could someone please help me out on what to do when you get to the page with the long ass name? I saw the script, but I don't know how tf to interact with it.

    You can PM me

    Hack The Box

  • @samsepi0l

    It's a fun machine, like Frolic .....

    y tho...

  • edited December 2018

    To be honest, I'm mainly here for the learning experience and look for real-life world challenges. I find that boxes that try to be entertaining and be more of a puzzle / Easter egg hunt frustrate me. I appreciate the creator's efforts but just putting in my 2 cents.


  • So far, all the steps were completely CTF-Like.

    Tip for everyone: Give up trying to find a "realistic" way to go. There is not. lol

    ferreirasc
    OSCP | CRTE | Pentest+ | DCPT

  • edited December 2018

    The machine is very CTF..
    I would prefer machines that actually test our pen-testing abilities..

  • edited December 2018

    rooted.
    This machine just got my dislike.
    The initial entry is CTF like.

    The actual www-data & user is nice and the bypass is also nice.

    The root was stupid for obvious reasons.


    OSCE | OSCP | CRTE | GPEN | eCPTX | CREST CRT | GDAT | eCPPTv2 | GWAPT | OSWP | ECSA (Practical)

  • I can't find the credentials. Is it too obvious? Because I am reading everything line by line but I don't see anything yet.


  • I'm stuck trying to force a round object into a cube shaped one I think. lol. still can't log in :lol:

  • I can't find the credentials. Is it too obvious? Because I am reading everything line by line but I don't see anything yet.

    It's way, way too obvious. Just make sure you are looking for the right credentials.

  • @FlameOfIgnis said:

    I can't find the credentials. Is it too obvious? Because I am reading everything line by line but I don't see anything yet.

    It's way, way too obvious. Just make sure you are looking for the right credentials.

    Thanks for your answer, I will be patient with this xD


  • Need a hand with the decoding of the file. PM pls if anyone can help.

  • Nope... not finding these elusive creds.

  • Currently trying to decode, if anyone is willing please PM me for a hint :D

  • Guys, I got the creds already, and now I'm trying to get the webmail server.

    Any hint would be much appreciated!

    xterm

  • edited December 2018

    Edit: Spoiler :D, Sorry guys

    ferreirasc
    OSCP | CRTE | Pentest+ | DCPT

  • I'm stuck. Found w****n and creds but don't know what to do. Please PM.

    MrFlash24

  • edited December 2018

    @ferreirasc said:
    Hints for privesc? I'm looking for juicy information inside .mo*****....

    Am I on the right path? :|


  • Something strange happened: I got the user flag and submitted it, but in the progress bar no changes happened. It was zero before the flag and zero after the flag. Can someone explain this to me?? :)

  • Rooted

    Root
    For me it was not so obvious or logical to get root, in fact it was something weird but in the end it makes some sense.

    Clue: It seems that the user left unprotected things out there, it's a kind of time travel with the f*x

    It should be enough, but just in case, the root is focused on W*****

  • Rooted.

    I do not know what to think of this box.

    Several foolish steps and other interesting ... :|

    Thx guys for the directions.

    Tip for privesc: The path to root is in front of you. Focus on the files that your user owns. Remember well all the passwords obtained throughout the process. They can be important in several steps.

    If there is any spoiler here... feel free to edit my post :)

    ferreirasc
    OSCP | CRTE | Pentest+ | DCPT

  • Can anyone PM with links that help in understanding how to decrypt the file??


  • edited December 2018

    Rooted..

    This machine is rated easy, not because it is straightforward, but because it does not require any advanced knowledge in pen testing..

    I don't, however, think it will add much knowledge to a beginner trying to learn..

    Most of the steps do not require complicated solutions, but rather looking around and eliminating potential solutions one by one until the right one is left.

    If you are stuck, need a little help, or need just a nudge in the right direction, PM me and I'll be glad to help :)
