Hopefully these are helpful hints without giving away too much:
User - Donât always assume youâre doing things wrong. If you have a tool to help you exploit something, donât assume it will work as-is.
Root - Stick to the basics to enumerate the system to find out what is on there.
As some others said, you can go about getting user by just focusing on the first service you see, but the other service you see is a good learning experience to help you get a foothold.
Hmm⌠I get the references to time travel and have been working on that on things that should get uploaded, and a thing you might make in Excel on the other port that gave me credentials.
I have âmadeâ the correct URL as the googleable exploits may not be quite pointing to the right place (confirmed via github) - I have the correct skew or near enough and have changed the script to give a range of a few units of measurement either side to ensure itâs caught, but I canât find my upload that is legit. let alone the âerroredâ ones.
Can I get directly to this from the thing you might make in Excel? I couldnât see anything other than creds⌠which makes me wonder how people got to it directly from the other site, you presumably need those creds?
I am sure I am missing something painfully obvious.
Got the box, however, I feel like maybe I didnât properly utilize the creds on port XXXX. Were there anything more to them than the webapp? Pretty sure I could have exploited the webapp without creds.
@billbrasky said:
Hopefully these are helpful hints without giving away too much:
User - Donât always assume youâre doing things wrong. If you have a tool to help you exploit something, donât assume it will work as-is.
+1 â Iâve seen instances where a tool explicitly caused any IP with 0 in it to error; presumably for no apparent reason other than to troll skids, but one wouldnât know it without a code review; the takeaway is that thereâs value in troubleshooting tools instead of just assuming itâs your fault right away.
Iâve got credentials from port XXXX and access to the url paths of my uploads on the webapp but I would really appreciate a nudge on how to get my payloads to work.
Anyone can please give me more hints on po** XXXX? as mentioned by @1NC39T10N I know what to look for on that po** but I can find endpoint he mentioned.
I got root and i must say i have learned a lot from this box. Just want to say thanx to @cymtrick once again. Enjoyed it big time.
I am however interested in the alternate way to get user and root. If someone could pm me regarding this it would be great.