Chaos

@dualfade said:
That was a very cool box. I really didn’t like the password guesswork in the beginning but as a whole this is a very well done machine.

You don’t have to guess it, you can run an enumeration module that will find it very quickly (which I guess is just automated guessing, but still).

@Skunkfoot said:

@dualfade said:
That was a very cool box. I really didn’t like the password guesswork in the beginning but as a whole this is a very well done machine.

You don’t have to guess it, you can run an enumeration module that will find it very quickly (which I guess is just automated guessing, but still).

For some reason using the famous tool that is 3 letters before z found it… But I could not log in until I reset the machine. Then… all was well.

For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

@FlameOfIgnis said:
Hint for user: Evolve to the machine’s needs.

A perfect nudge, thanks.

I cannot find anything to get into “wm”. Already found some creds but they don’t work. Pls any hint!! :anguished:

@xeto said:
I cannot find anything to get into “wm”. Already found some creds but they don’t work. Pls any hint!! :anguished:

Use openssl’s s_client app!

■■■■, I’ve been wanting to make a box with one of these techniques for months!

I’m surprised so many people don’t like this box, I actually really enjoyed it. I thought all of the steps were pretty logical and straightforward, and I learned about new vulnerabilities and techniques for every step (except the “priv esc” since I already knew about it). The only thing I thought could be done better was the priv esc. I felt like there were things that simply had no point of being there, and there are known vulnerabilities for those things, but then the root password is just given to you and you don’t get to really play around with them at all.

If someone disliked this box and wants to discuss why, feel free to PM me, I’m always curious about differing opinions!

Thanks for the box @sahay !

Found the creds for w*****l. Don’t know how to get there.

I managed to get a low priv shell as w****-d****. Don’t know where to go from here, I need a nudge.

@MrFlash24 said:
Found the creds for w*****l. Don’t know how to get there.

Tired of people just posting their questions without reviewing previous posts that offer hints or answers to those exact questions. It’s almost as bad as people posting just to let us know they got root (surprise, nobody cares if you got root, this thread is here to help people who are stuck and discuss the box, not boost your ego).

To answer your question:

@DaChef said:

@xeto said:
I cannot find anything to get into “wm”. Already found some creds but they don’t work. Pls any hint!! :anguished:

Use openssl’s s_client app!

And also:

@Skunkfoot said:
For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

I’m trying to decrypt the file… Can someone PM me to help me fix my decryption script?

If you struggle with finding w** m***: Check your initial enum and see if there is another ‘interface’ that might let you access the same thing using a different client. Actually, I only realized that wm is a thing at all when I examined the ‘items’ with this other technology.

Got creds for we****l, but don’t know what to do… Any hints…

I was able to decrypt the file. But that URL given from decrypted message did not work for me. Any suggestions?

I’m stuck on decrypting the file, I have tested some scripts but I always get an error. Could anyone give me a hint on how to decrypt it? I already know the key and the method used to encrypt the file but I don’t know exactly how to reverse the process.

EDIT: I found the right method to decrypt the file

@chitran said:
I was able to decrypt the file. But that URL given from decrypted message did not work for me. Any suggestions?

Check your etc hosts and resolv.conf files. Your DNS settings may be causing you to make a bad request.

I have decoded the message and got the link but am unsure of how to approach the service. Can someone PM me for a chat?

Rooted! I must say the beginning steps were frustrating, but I was able to learn something new from the privesc method! Thanks for the box @sahay .
Hints for user: enumerate everything and think like a lazy user/admin. If you get stuck decrypting something, there is a video out there that provides a great solution. After that, be sure to check your DNS settings!
Hint for root: don’t get caught in a wormhole overthinking the priv-esc; as has been said many times once you find user the path to root is literally right in front of you.

@Un4gi said:
once you find user the path to root is literally right in front of you.

So true. Unfortunately, unless you’re aware of this method, you probably wouldn’t even think to look there, so it might take some people a while to figure out. I liked it though :slight_smile:

Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Edit: Sorted now. I was looking at it wrong. Got some excellent help from @cortex42 that taught me some useful information.