Chaos

Comments

  • Finally rooted.

    User: It will Chaos you. Make sure you gobust everything instead of sticking to domains, and identify the open source thing. From there everything is straightforward, which involved multiple steps like decryption, later injection, shell escape and user. Not very realistic :(

    Root: Once you got user you can see it in front of your nose. Then think how you use the lazy feature in the browser to see it.

    MrR3boot
    Learn | Hack | Have Fun

  • edited December 2018

    This box is... frustrating to say the least. I decrypted the thing, but what am I supposed to do with p** c***** s******? The URL seems like a troll.. any hints in PM would be appreciated as I'm fresh out of magic to solve this mystery..

    Edit: never mind, was having DNS issues

  • Hi All, where do we get the elusive password? I did dirb and obtained a w**dp**** site. Enumerated further and obtained a l**** screen. I am stumped by Chaos. Please PM me or any advice please!!!!!

  • I found this box pretty interesting even though it's really CTF-like. Anyway, it's a good opportunity to learn a few tricks! Thanks to @sahay for this box :)

  • Anyone got tips? Found the w* site on the IP url. Also found the w****n panel but cannot find credentials anywhere

  • I kinda like this box. I appreciate the effort put into creating the box. Thanks @sahay :+1: for you!

    limbernie
    Write-ups of retired machines

  • So I found creds but can't find w*****l anywhere. Tried logging into m*** using telnet etc but nothing seems to work

  • @RyanW18 said:
    So I found creds but can't find w*****l anywhere. Tried logging into m*** using telnet etc but nothing seems to work

    Try to use something which does not just brute force dirs, but the other things in the URL

    xterm

  • I got root and user!

  • jkrjkr
    edited December 2018

    @xterm said:

    @RyanW18 said:
    So I found creds but can't find w*****l anywhere. Tried logging into m*** using telnet etc but nothing seems to work

    Try to use something which does not just brute force dirs, but the other things in the URL

    Or try another well known protocol for accessing this stuff ;-)

  • Hi guys,

    So I just decrypted the files and succeeded in getting RCE on the decrypted files, so I got a reverse shell already, but as w**-d***.
    Now I'm working to find user / root.

    Am I on the right path if I'm interested in we**in?

    xterm

  • @dualfade said:
    That was a very cool box. I really didn't like the password guess work in the beginning but as a whole this is a very well done machine.

    You don't have to guess it, you can run an enumeration module that will find it very quickly (which I guess is just automated guessing, but still).

    --Skunkfoot

  • @Skunkfoot said:

    @dualfade said:
    That was a very cool box. I really didn't like the password guess work in the beginning but as a whole this is a very well done machine.

    You don't have to guess it, you can run an enumeration module that will find it very quickly (which I guess is just automated guessing, but still).

    For some reason using the famous tool that is 3 letters before z found it.... But I could not log in until I reset the machine. Then... all was well.

  • For all the people having trouble accessing the w**m***, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

    --Skunkfoot

  • @FlameOfIgnis said:
    Hint for user: Evolve to the machines needs.

    A perfect nudge, thanks.

  • I cannot find anything to get into "wm". Already found some creds but doesn't work. Pls any hint!! :anguished:

    xeto

  • > @xeto said:
    > I cannot find anything to get into "wm". Already found some creds but doesn't work. Pls any hint!! :anguished:

    Use openssl's s_client app!

  • Damn, I've been wanting to make a box with one of these techniques for months!

    I'm surprised so many people don't like this box, I actually really enjoyed it. I thought all of the steps were pretty logical and straightforward, and I learned about new vulnerabilities and techniques for every step (except the "priv esc" since I already knew about it). The only thing I thought could be done better was the priv esc. I felt like there were things that simply had no point of being there, and there are known vulnerabilities for those things, but then the root password is just given to you and you don't get to really play around with them at all.

    If someone disliked this box and wants to discuss why, feel free to PM me, I'm always curious about differing opinions!

    Thanks for the box @sahay !

    --Skunkfoot

  • Found the creds for w*****l. Don't know how to get there.

  • I managed to get a low priv shell as w****-d****. Don't know where to go from here, I need a nudge.

  • edited December 2018

    @MrFlash24 said:
    Found the creds for w*****l. Don't know how to get there.

    Tired of people just posting their questions without reviewing previous posts that offer hints or answers to those exact questions. It's almost as bad as people posting just to let us know they got root (surprise, nobody cares if you got root, this thread is here to help people who are stuck and discuss the box, not boost your ego).

    To answer your question:

    @DaChef said:
    > @xeto said:
    > I cannot find anything to get into "wm". Already found some creds but doesn't work. Pls any hint!! :anguished:

    Use openssl's s_client app!

    And also:

    @Skunkfoot said:
    For all the people having trouble accessing the w**m***, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

    --Skunkfoot

  • I'm trying to decrypt the file... Can someone PM me to help me fix my decryption script?

    Hack The Box

  • edited December 2018

    If you struggle with finding w** m***: Check your initial enum and see if there is another 'interface' that might let you access the same thing using a different client. Actually, I only realized that wm is a thing at all when I examined the 'items' with this other technology.

  • Got creds for we****l, but don't know what to do... Any hints....

  • I was able to decrypt the file. But that URL given from decrypted message did not work for me. Any suggestions?

  • edited December 2018

    I'm stuck on decrypting the file, I have tested some scripts but I always get an error. Could anyone give me a hint on how to decrypt it? I already know the key and the method to encrypt the file but I don't know exactly how to reverse the process.

    EDIT: I found the right method to decrypt the file

  • @chitran said:
    I was able to decrypt the file. But that URL given from decrypted message did not work for me. Any suggestions?

    Check your etc hosts and resolv.conf files. Your DNS settings may be causing you to make a bad request.

  • I have decoded the message and got the link but am unsure of how to approach the service. Can someone PM me for a chat?

  • Rooted! I must say the beginning steps were frustrating, but I was able to learn something new from the privesc method! Thanks for the box @sahay .
    Hints for user: enumerate everything and think like a lazy user/admin. If you get stuck decrypting something, there is a video out there that provides a great solution. After that, be sure to check your DNS settings!
    Hint for root: don't get caught in a wormhole overthinking the priv-esc; as has been said many times once you find user the path to root is literally right in front of you.
