Vault

I can’t find anything. I have used directory-list-2.3-medium.txt and common.txt. Help me plz

@ch7 said:
I can’t find anything. I have used directory-list-2.3-medium.txt and common.txt. Help me plz

This question is lacking some context. If you haven’t gotten any access at all, though, I’d suggest thinking about what file extensions are in use here and scanning for files ending in those.

@0x29A said:
For example, if someone wasted six hours digging through an ISO, maybe they’ll think twice about doing that again next time they run across one and mark it low priority. Maybe they’ll take note about what the ISO contains (could be a hint) and just continue on. Maybe they’ll learn how to md5 or sha1 the ISO file and see if it’s a stock image. If it’s not, maybe they’ll learn how to diff the ISO file with a stock ISO so they aren’t forced to dig around the entire thing.

Similar lessons may be learned from just about any rabbit hole.

Look at IppSec’s videos and how quickly he dismisses most rabbit holes. You think he does that in practice? I do. How do you think he learned such intuition?

Regarding things like login rabbit holes: at each layer in the hacking process, you should follow the standard steps. The first being recon. For example, if you see a login form halfway through your recon process and you immediately start hitting it with a brute force, you’ve just violated modus operandi. It’s not until that doesn’t even work that you continue your recon…so why not have continued that in the first place in order to gather all of the puzzle pieces? I like to call them “dots.” Once you have all the dots, you’ll have the beginning of your attack surface graph. You can start performing more systematic research on each of their attack vectors, forming relationships with other dots, and determine routes to your final goal. Finally, you can map out the shortest cost, least noisy, shortest path, etc. to reach your goal. Most, if not all, of the rabbit holes at this point will be obvious in your graph.

Learning how to be pragmatic and how to frame your problems accordingly may not always save you time, but it will save you the headache of guessing and working with unknowns and eventually dissolve your reliance on script kiddie tools and methodologies. Most importantly (imho), it will make you quieter in real life encounters.

Edit: Slightly off-topic rant: To all of the cheaters out there: This is a learned skill. A talent. An art. And it’s required. If you request help from someone and they provide a spoiler, either discard it or learn from it, don’t live by it, and certainly don’t pass it on. If you must (e.g. team member, close friend, or something), explain to them what you learned from it rather than just copying & pasting the solution, because that does neither party any good. Plus, spending the extra ten minutes it takes to digest the solution and explaining it to yourself and then to your friend will totally be worth it, trust me. For example: Someone asked me for help on a simple binary exploitation. I could’ve just pasted him my ~50 byte payload and maybe tried to answer some questions following that, but instead I took 20 minutes out of my day and wrote a fairly detailed write-up specifically for him on how it was done. It taught him how to do it, I learned a couple things merely explaining each individual step, and if he ends up sharing it, so be it… there’s no copy & paste solution, just reading material for others. Sure there’s a leader board, but we don’t – shouldn’t be measuring epeens here, we’re all intellectuals. We should all think of ourselves as students and teachers. Do your part in the community. Learn together!

^^^MOOD, but seriously, rabbit holes have taught me quite a bit, almost mirroring the example given. There are numerous boxes that I’ve been able to fly through that I see other people stuck on because of the stuff I learned following rabbit holes. They even taught me how to move files to do things locally in the background while I have tmux open doing other things etc etc. Rabbit holes are honestly great for making people slow down and process everything in front of them, which I can say definitely helps in the RW/wild.
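As an added example (not part of any post in this thread), the ISO triage idea from the quoted post above can be sketched in Python: hash the image against known stock digests and, when it does not match, diff the two extracted trees by content hash. The function names, the digest set and the sample trees are constructed for illustration.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha1", chunk=1 << 20):
    """Hash a file in chunks so a multi-GB ISO never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def is_stock(image_path, known_digests, algo="sha1"):
    """True when the image matches a published digest supplied by the caller."""
    return file_digest(image_path, algo) in {d.lower() for d in known_digests}

def tree_digests(root):
    """Map relative path -> digest for each regular file under an extracted image."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # do not follow links out of the tree
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = file_digest(full)
    return out

def diff_trees(stock_root, suspect_root):
    """Report only what differs from stock, so review starts with customised files."""
    stock, suspect = tree_digests(stock_root), tree_digests(suspect_root)
    common = stock.keys() & suspect.keys()
    return {
        "added": sorted(suspect.keys() - stock.keys()),
        "removed": sorted(stock.keys() - suspect.keys()),
        "modified": sorted(p for p in common if stock[p] != suspect[p]),
    }

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample: two small trees standing in for extracted ISOs."""
    with tempfile.TemporaryDirectory() as tmp:
        stock, suspect = os.path.join(tmp, "stock"), os.path.join(tmp, "suspect")
        for rel, data in [("boot/vmlinuz", b"kernel"), ("etc/hostname", b"stock\n"), ("README", b"r")]:
            _write(stock, rel, data)
        for rel, data in [("boot/vmlinuz", b"kernel"), ("etc/hostname", b"custom\n"), ("home/notes.txt", b"n")]:
            _write(suspect, rel, data)
        return diff_trees(stock, suspect)
```

Point `diff_trees` at the mount points or extraction directories of the two images; a matching `is_stock` result means the tree diff can be skipped entirely.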

This machine was insane. I really like it because I learned a lot.
PM me for hints about this cool machine :slight_smile:

So I managed to get shell fairly easily but really stuck on how to pivot to the D*S server. I have all the creds on the server that I can see but the tunneling just doesn’t make sense to me in this context.

I have watched both of IppSec’s Poison and Arekei videos but am still lost. If anyone could lend a hand that would be awesome :slight_smile:

Thanks guys

Edit: Managed to get the .o*** con***r bit but can’t seem to get a callback like some of the posts above. Anyone got any tips or places I can look at? Been looking at a medium article but hasn’t helped much so far.

Edit2: Finally got a callback! got creds now looking to move from D** box to the V****. Looking for a nudge in the right direction, I have been looking at the log files and found the n*** but that’s it so far mmm

Edit3: Got ROOT! Loved this box thanks so much to the creator that was such a cool fun way to get root. Onto the next box!

Awesome box, thanks @nol0gz!

Rooted, Great box, learned quite a bit, and thanks to @H4tt0r1 for giving me a push on getting to the DNS box

‘usered’. I feel myself on a tree with this machine. So many ‘side branches’ :smiley: THX God not downloading the huge .i** file. I am on mobile net and wanted to skip it as long as possible. Got user without the huge file. I hope it is not needed for root

@ykataky said:
‘usered’. I feel myself on a tree with this machine. So many ‘side branches’ :smiley: THX God not downloading the huge .i** file. I am on mobile net and wanted to skip it as long as possible. Got user without the huge file. I hope it is not needed for root

Can confirm it’s not needed. :smiley:

Hmm, I’m lost on the firewall. I think I have to jump to port 4* * 4 via FW onto vault (...2). I have new ssh creds for d**e on the next upcoming server and saw networking config on DN, but no idea how to jump. From where.

Rooted. ykataky{HINT} I don’t remember when was the last time I had to use so many tunnels :astonished: It was fun, thx creator

Could anyone give me a hint (not spoiler) on how to proceed with the G** file?
Do I need to copy that file to my machine or do everything at Vault box?

@bokanrb said:
Could anyone give me a hint (not spoiler) on how to proceed with the G** file?
Do I need to copy that file to my machine or do everything at Vault box?

Hi there, I have PM’d you.

All the tools associated with text-based file transfer were missing in V???t. In the end, I’d to rely on snake language to encode the g?? file. Even so, the executable was partially hidden.

:+1:

@limbernie said:
All the tools associated with text-based file transfer were missing in V???t. In the end, I’d to rely on snake language to encode the g?? file. Even so, the executable was partially hidden.

:+1:

There’s a secure way of transferring the g* file out from V. :wink:

I only had a single tunnel. The rest of the way to the V???t was through good ol’ secure shells. :lol:

Very nice machine, just rooted it and so far this is one of the real life case scenario machines. :+1:

Hey everyone, having trouble with the RCE in the o**n part. Tried everything I can think of… I’m clearly misunderstanding something. If someone could give me a slight nudge in the right direction please PM me :slight_smile:

Hey Guys, I’m really stuck to go from D box to V box. I just don’t find any path, I already read the discussions here but still stuck …
Can someone PM me for a little nudge please :frowning: ?

EDIT: NVM got it after a reset of someone !!

I lived three days in “vault” to get the root flag. Thanks “nol0gz” for this maze :slight_smile: