Chaos

@xeto said:
I cannot find anything to get into “wm”. Already found some creds but doesn’t work. Pls any hint!! :anguished:

Use openssl’s s_client app!

■■■■, I’ve been wanting to make a box with one of these techniques for months!

I’m surprised so many people don’t like this box, I actually really enjoyed it. I thought all of the steps were pretty logical and straightforward, and I learned about new vulnerabilities and techniques for every step (except the “priv esc” since I already knew about it). The only thing I thought could be done better was the priv esc. I felt like there were things that simply had no point of being there, and there are known vulnerabilities for those things, but then the root password is just given to you and you don’t get to really play around with them at all.

If someone disliked this box and wants to discuss why, feel free to PM me, I’m always curious about differing opinions!

Thanks for the box @sahay !

Found the creds for w*****l. Don’t know how to get there.

I managed to get a low priv shell as w****-d****. Don’t know where to go from here, I need a nudge.

@MrFlash24 said:
Found the creds for w*****l. Don’t know how to get there.

Tired of people just posting their questions without reviewing previous posts that offer hints or answers to those exact questions. It’s almost as bad as people posting just to let us know they got root (surprise, nobody cares if you got root, this thread is here to help people who are stuck and discuss the box, not boost your ego).

To answer your question:

@DaChef said:

@xeto said:
I cannot find anything to get into “wm”. Already found some creds but doesn’t work. Pls any hint!! :anguished:

Use openssl’s s_client app!

And also:

@Skunkfoot said:
For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

I’m trying to decrypt the file… Can someone PM me to help me fix my decryption script?

If you struggle with finding w** m***: Check your initial enum and see if there is another ‘interface’ that might let you access the same thing using a different client. Actually, I only realized that wm is a thing at all when I examined the ‘items’ with this other technology.

Got creds for we****l, but don’t know what to do… Any hints…

I was able to decrypt the file. But that URL given from decrypted message did not work for me. Any suggestions?

I’m stuck on decrypting the file. I have tested some scripts but I always get an error. Could anyone give me a hint on how to decrypt it? I already know the key and the method to encrypt the file but I don’t know exactly how to reverse the process.

EDIT: I found the right method to decrypt the file

@chitran said:
I was able to decrypt the file. But that URL given from decrypted message did not work for me. Any suggestions?

Check your etc hosts and resolv.conf files. Your DNS settings may be causing you to make a bad request.

I have decoded the message and got the link but am unsure of how to approach the service. Can someone PM me for a chat?

Rooted! I must say the beginning steps were frustrating, but I was able to learn something new from the privesc method! Thanks for the box @sahay .
Hints for user: enumerate everything and think like a lazy user/admin. If you get stuck decrypting something, there is a video out there that provides a great solution. After that, be sure to check your DNS settings!
Hint for root: don’t get caught in a wormhole overthinking the priv-esc; as has been said many times once you find user the path to root is literally right in front of you.

@Un4gi said:
once you find user the path to root is literally right in front of you.

So true. Unfortunately, unless you’re aware of this method, you probably wouldn’t even think to look there, so it might take some people a while to figure out. I liked it though :slight_smile:

Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Edit: Sorted now. I was looking at it wrong. Got some excellent help from @cortex42 that taught me some useful information.

@tiger5tyle said:
Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Are you running it like this?

python3 decrypt.py

@Skunkfoot said:

@tiger5tyle said:
Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Are you running it like this?

python3 decrypt.py

Yes

@tiger5tyle said:

@Skunkfoot said:

@tiger5tyle said:
Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Are you running it like this?

python3 decrypt.py

Yes

Hmm. PM @N30C0UNT, I think he had some similar issues and managed to figure out how to make it work

Hi guys, I got the user (a…h) already, and now I’m working on priv esc.

But I’m stuck, this is my second box, I hope someone could give me a hint for priv esc.

@Skunkfoot said:
@MrFlash24 said:
Found the creds for w*****l. Don’t know how to get there.

Tired of people just posting their questions without reviewing previous posts that offer hints or answers to those exact questions. It’s almost as bad as people posting just to let us know they got root (surprise, nobody cares if you got root, this thread is here to help people who are stuck and discuss the box, not boost your ego).

To answer your question:

@DaChef said:

@xeto said:
I cannot find anything to get into “wm”. Already found some creds but doesn’t work. Pls any hint!! :anguished:

Use openssl’s s_client app!

And also:

@Skunkfoot said:

For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

The part about ppl who just post that they got root is awesome, loled so hard.
But you are right, I also get tons of PMs with questions about stuff which was already discussed…
Mobile view is quite fucking the Quote function…