Chaos

Anyone got tips? Found the w* site on the IP url. Also found the w****n panel but cannot find credentials anywhere

I kinda like this box. I appreciate the effort put into creating the box. Thanks @sahay :+1: for you!

So I found creds but can’t find w**l anywhere. Tried logging into m using telnet etc but nothing seems to work

@RyanW18 said:
So I found creds but can’t find w**l anywhere. Tried logging into m using telnet etc but nothing seems to work

Try to use something which does not just brute force dirs, but the other things in the URL

I got root and user!

@xterm said:

@RyanW18 said:
So I found creds but can’t find w**l anywhere. Tried logging into m using telnet etc but nothing seems to work

Try to use something which does not just brute force dirs, but the other things in the URL

Or try another well known protocol for accessing this stuff :wink:

Hi guys,

So I just decrypted the files and succeeded in getting RCE on the decrypted files, so I got a reverse shell already, but as w**-d***.
Now I’m working to find user / root.

Am I on the right path if I’m interested in we**in?

@dualfade said:
That was a very cool box. I really didn’t like the password guess work in the beginning but as a whole this is a very well done machine.

You don’t have to guess it, you can run an enumeration module that will find it very quickly (which I guess is just automated guessing, but still).

@Skunkfoot said:

@dualfade said:
That was a very cool box. I really didn’t like the password guess work in the beginning but as a whole this is a very well done machine.

You don’t have to guess it, you can run an enumeration module that will find it very quickly (which I guess is just automated guessing, but still).

For some reason using the famous tool that is 3 letters before z found it… But I could not log in until I reset the machine. Then… all was well.

For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

@FlameOfIgnis said:
Hint for user: Evolve to the machine’s needs.

A perfect nudge, thanks.

I cannot find anything to get into “wm”. Already found some creds but they don’t work. Pls any hint!! :anguished:

@xeto said:
I cannot find anything to get into “wm”. Already found some creds but they don’t work. Pls any hint!! :anguished:

Use openssl’s s_client app!

■■■■, I’ve been wanting to make a box with one of these techniques for months!

I’m surprised so many people don’t like this box, I actually really enjoyed it. I thought all of the steps were pretty logical and straightforward, and I learned about new vulnerabilities and techniques for every step (except the “priv esc” since I already knew about it). The only thing I thought could be done better was the priv esc. I felt like there were things that simply had no point of being there, and there are known vulnerabilities for those things, but then the root password is just given to you and you don’t get to really play around with them at all.

If someone disliked this box and wants to discuss why, feel free to PM me, I’m always curious about differing opinions!

Thanks for the box @sahay !

Found the creds for w*****l. Don’t know how to get there.

I managed to get a low priv shell as w****-d****. Don’t know where to go from here, I need a nudge.

@MrFlash24 said:
Found the creds for w*****l. Don’t know how to get there.

Tired of people just posting their questions without reviewing previous posts that offer hints or answers to those exact questions. It’s almost as bad as people posting just to let us know they got root (surprise, nobody cares if you got root, this thread is here to help people who are stuck and discuss the box, not boost your ego).

To answer your question:

@DaChef said:

@xeto said:
I cannot find anything to get into “wm”. Already found some creds but they don’t work. Pls any hint!! :anguished:

Use openssl’s s_client app!

And also:

@Skunkfoot said:
For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

I’m trying to decrypt the file… Can someone PM me to help me fix my decryption script?

If you struggle with finding w** m***: Check your initial enum and see if there is another ‘interface’ that might let you access the same thing using a different client. Actually, I only realized that wm is a thing at all when I examined the ‘items’ with this other technology.

Got creds for we****l, but don’t know what to do… Any hints…