Teacher

@Phrenesis2k said:

@xeto said:
Do i have to click through more than 1000 files for the password? I mean what the ■■■■ is this? :confounded:
No, there is a hint to a file on one of the webpages.

Thank you, this hint helped me. I then used w***z and a small txt to try different passwds.

Any hint for the user? i got the shell as www-data but now i cant find a way to user.txt…

@Shocke said:
Any hint for the user? i got the shell as www-data but now i cant find a way to user.txt…

@Skunkfoot said:

@Saranraja said:
Hi friends please someone help for teacher box i am stuck i got reverse shell
help me guys through PM

Everything you need is already in this thread. I refuse to help someone who’s too lazy to read the thread. The only hint you need right now is literally the last post before yours.

@Sh11td0wn said:
Try enumerating all the running services that could be useful.

And we have another one. If you did already read the thread and the hints don’t make much sense to you, or you need to ask some specific questions, post that. Simply saying “guys, idk what to do” is unacceptable imo.

uhh, what a box!!! on my way to root I had to learn that
chmod -R
isn’t working like I suspected it does… So, it is important where you try to execute it…

so far so good - in via unprivileged user

usual enumeration done, suid files, services etc - Apparently there is an “interesting service” running

usual commands run to show all services - there is nothing that i would call interesting running ?

@Shocke said:
Hi guys, im new… Can someone give me an hint on how to find the password for the user G******* for the login form on the m***** directory?

EDIT: i got it XD

@ZaphodBB said:
so far so good - in via unprivileged user

usual enumeration done, suid files, services etc - Apparently there is an “interesting service” running

usual commands run to show all services - there is nothing that i would call interesting running ?

I’m looking for that same “interesting service” but can’t figure what it is. Probably it’s something obvious and i’m overthinking it. Grrrr!!

It seems only the good die young and I want to live a good old age so I think a little bit of evil adds spice to my life. I can’t seem to find the right formula for my tasty treats so if anyone can help me cook up a recipe that doesn’t give me indigestion please pm me.

Edit: Done and dusted. Thanks greatly to @Shocke for the pointers.

@Locutus said:
It seems only the good die young and I want to live a good old age so I think a little bit of evil adds spice to my life. I can’t seem to find the right formula for my tasty treats so if anyone can help me cook up a recipe that doesn’t give me indigestion please pm me.

Check PM…

That feel when you’re right up in that b* and someone resets

Am I the only one who found the initial password and username within 5 minutes but cannot login because the m***** site says that the username or password is incorrect? What the ■■■■ is happening here? Found the hidden file and the hidden answer put it together and still failing… What the heck?

@MTOTH said:
Am I the only one who found the initial password and username within 5 minutes but cannot login because the m***** site says that the username or password is incorrect? What the ■■■■ is happening here? Found the hidden file and the hidden answer put it together and still failing… What the heck?

Tried G**, g**,G*******,g******* but still no luck…

@MTOTH said:
Am I the only one who found the initial password and username within 5 minutes but cannot login because the m***** site says that the username or password is incorrect? What the ■■■■ is happening here? Found the hidden file and the hidden answer put it together and still failing… What the heck?

Took me 39 tries, less than 2 minutes. You have one login that works and one that don’t so you can setup automation to tell between valid and invalid and bruteforce what you need to bruteforce.

@ashr said:

@MTOTH said:
Am I the only one who found the initial password and username within 5 minutes but cannot login because the m***** site says that the username or password is incorrect? What the ■■■■ is happening here? Found the hidden file and the hidden answer put it together and still failing… What the heck?

Took me 39 tries, less than 2 minutes. You have one login that works and one that don’t so you can setup automation to tell between valid and invalid and bruteforce what you need to bruteforce.

I think I don’t need to bruteforce because i have found the missing path of the password as mentioned earlier. My problem that I have to found the correct username …

so what is this so called “interesting service” - could do with a nudge unfortunately

Fun little box, although I’m sure I’d have been pissed all the way through if I had to do it on a free server. The most obvious way to privesc basically ruins it for everyone else on that machine.

@MTOTH said:
I think I don’t need to bruteforce because i have found the missing path of the password as mentioned earlier. My problem that I have to found the correct username …

You have the correct username!

cant find the username!!! I tried and all the combinations G*******, g******* what am I missing!

@dplastico said:
cant find the username!!! I tried and all the combinations G*******, g******* what am I missing!

Maybe your password is wrong.

Admins - Ignore / delete

Edited

So that was weird. left it for an hour or so - went back to it and no more error message

(had originally tried on free + VIP servers and got the same error on all)