@dualfade said:
That was a very cool box. I really didn’t like the password guess work in the beginning but as a whole this is a very well done machine.
You don’t have to guess it, you can run an enumeration module that will find it very quickly (which I guess is just automated guessing, but still).
For some reason using the famous tool that is 3 letters before z found it… But I could not log in until I reset the machine. Then… all was well.
For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.
■■■■, I’ve been wanting to make a box with one of these techniques for months!
I’m surprised so many people don’t like this box, I actually really enjoyed it. I thought all of the steps were pretty logical and straightforward, and I learned about new vulnerabilities and techniques for every step (except the “priv esc” since I already knew about it). The only thing I thought could be done better was the priv esc. I felt like there were things that simply had no point of being there, and there are known vulnerabilities for those things, but then the root password is just given to you and you don’t get to really play around with them at all.
If someone disliked this box and wants to discuss why, feel free to PM me, I’m always curious about differing opinions!
@MrFlash24 said:
Found the creds for w*****l. Don't know how to get there.
Tired of people just posting their questions without reviewing previous posts that offer hints or answers to those exact questions. It’s almost as bad as people posting just to let us know they got root (surprise, nobody cares if you got root, this thread is here to help people who are stuck and discuss the box, not boost your ego).
@xeto said:
I cannot find anything to get into “wm”. Already found some creds but doesn't work. Pls any hint!!
Use openssl’s s_client app!
And also:
@Skunkfoot said:
For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.
If you struggle with finding w** m***: Check your initial enum and see if there is another ‘interface’ that might let you access the same thing using a different client. Actually, I only realized that wm is a thing at all when I examined the ‘items’ with this other technology.
I’m stuck on decrypting the file, I have tested some scripts but I always have an error. Could anyone give me a hint on how to decrypt it? I already know the key and the method to encrypt the file but I don’t know exactly how to reverse the process.
EDIT: I found the right method to decrypt the file
Rooted! I must say the beginning steps were frustrating, but I was able to learn something new from the privesc method! Thanks for the box @sahay.
Hints for user: enumerate everything and think like a lazy user/admin. If you get stuck decrypting something, there is a video out there that provides a great solution. After that, be sure to check your DNS settings!
Hint for root: don’t get caught in a wormhole overthinking the priv-esc; as has been said many times once you find user the path to root is literally right in front of you.
@Un4gi said:
once you find user the path to root is literally right in front of you.
So true. Unfortunately, unless you’re aware of this method, you probably wouldn’t even think to look there, so it might take some people a while to figure out. I liked it though.
Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?
Edit: Sorted now. I was looking at it wrong. Got some excellent help from @cortex42 that taught me some useful information.