Found the SN#*********, then manage to connect to the webserver but i dont really know what to do next ? any hint ? am i supposed to find an uploader ?
thx
EDIT : Got user, no uploader need for this, its called Remote Code Execution so try to find user entry and exploit it…
@agentsky said:
already login in the website. Problem now is where to go… some hint would be good…
BTW: reading the Tickets, do i need to check on those IP?
hey agentsky, how did you login to the web application? I have the chassi key and I have tried the with different usernames. Do i need to enumerate more?
Managed to read the user flag before I even spawned a shell. However, it confirmed my methodology was right for getting a shell. Now working towards root. Great box; learning a lot.
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?
@salamander said:
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?
First things first, merry Christmas and hacky new year!
I’m working to get root flag. I’ve studied the environment and the technologies that are beeing used. I´m learning a lot with this box. Thanks @snowscan <3
I think that I’m almost there but something isn’t working properly and needs some fine tune.
@HopeHasAPlace said:
hey guys so i did snmp_login from metasploit and i see it says successful.
but when I do snmp_enum everything shows up blank like this:
[+] 10.10.10.105, Connected.
[*] System information:
Host IP : 10.10.10.105
Hostname : -
Description : -
Contact : -
Location : -
Uptime snmp : -
Uptime system : -
System date : -
I have been using the Qu**** vt*** tool to make configuration changes and using tc***** to monitor traffic but I am not seeing any changes in traffic and my configuration changes seem to revert after a short period of time. Does the system automatically reset configurations after a period of time? Should I be able to see traffic differences after altering configuration?
@frankg said:
I have been using the Qu**** vt*** tool to make configuration changes and using tc***** to monitor traffic but I am not seeing any changes in traffic and my configuration changes seem to revert after a short period of time. Does the system automatically reset configurations after a period of time? Should I be able to see traffic differences after altering configuration?
There’s a cronjob which reverts the config. If you make the right change, you should see something.
@salamander said:
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?
The first three characters aren’t part of the pw.
Super thanks, to think I had the cred all this while.
I have the user.txt and I think I am a quite a good way into root. Is anyone available to PM and discuss if I am on the right track as I have been at this a few days and I really want to see this one through. Great machine by the way.
So, I’m gonna leave my own two cents here:
First of all this is really a nice box, user is rather easy and only requires some enumeration in the right places. Don’t focus only on HTTP for information.
Root is a bit harder if you aren’t familiar with the concepts & services/protocols behind it, but in the end it’s quite logical and pretty simple once you’ve read up on the topic and tried around a bit. (Also thanks @jkr for his help with root here)
If you need some help with this box (user or root), feel free to PM me for hints and also explanations, so you don’t end up with the flag but don’t really understand how everything worked in the end.
Also thanks to @snowscan for providing us a possibility to get to know this kind of attack and actually execute it ourselves once, too.
Finally got root. If you are not one of the networking guys it could be a suffer… In this forum there are a lot of good hints, if you put it together, you can get root. Try not to over-complicate things, you only need to change one simple thing in one of the configuration files. On a free server it could be really tough and time consuming to achieve your goals because of the constant resets and edits.
Thanks @snowscan this machine reminds me to one of the hardest machines at OSCP course… It taught me new things and I need to learn basic network stuffs…