Hint for HELP

Hopefully these are helpful hints without giving away too much:

User - Don’t always assume you’re doing things wrong. If you have a tool to help you exploit something, don’t assume it will work as-is.

Root - Stick to the basics to enumerate the system to find out what is on there.

As some others said, you can go about getting user by just focusing on the first service you see, but the other service you see is a good learning experience to help you get a foothold.

Rooted twice (two different methods).

Is it just me or does the method to find payload only work some of the time? I can’t get it to work reliably, it’s pretty frustrating.

port XXXX is down any body online now…?

I need a bit of help with the time travel, I believe I have the right path and time, but it is not finding my payload…

I really enjoyed this box :slight_smile: seems to be PWK/OSCP like and has a little bit of everything!! Tricky but in a very good way!!!

Thanks a lot @cymtrick

Rooted it, anyone need some nudge can dm me :wink:

Hmm… I get the references to time travel and have been working on that on things that should get uploaded, and a thing you might make in Excel on the other port that gave me credentials.

I have ‘made’ the correct URL as the googleable exploits may not be quite pointing to the right place (confirmed via github) - I have the correct skew or near enough and have changed the script to give a range of a few units of measurement either side to ensure it’s caught, but I can’t find my upload that is legit. let alone the ‘errored’ ones.

Can I get directly to this from the thing you might make in Excel? I couldn’t see anything other than creds… which makes me wonder how people got to it directly from the other site, you presumably need those creds?

I am sure I am missing something painfully obvious.

Got the box, however, I feel like maybe I didn’t properly utilize the creds on port XXXX. Were there anything more to them than the webapp? Pretty sure I could have exploited the webapp without creds.

@billbrasky said:
Hopefully these are helpful hints without giving away too much:

User - Don’t always assume you’re doing things wrong. If you have a tool to help you exploit something, don’t assume it will work as-is.

+1 – I’ve seen instances where a tool explicitly caused any IP with 0 in it to error; presumably for no apparent reason other than to troll skids, but one wouldn’t know it without a code review; the takeaway is that there’s value in troubleshooting tools instead of just assuming it’s your fault right away.

I’ve got credentials from port XXXX and access to the url paths of my uploads on the webapp but I would really appreciate a nudge on how to get my payloads to work.

Someone can give me some nudge for get credentials? Thx anyway

I would like to learn how to do all the ways

Anyone can please give me more hints on po** XXXX? as mentioned by @1NC39T10N I know what to look for on that po** but I can find endpoint he mentioned.

Thanks!

Edit:
For the port XXXX as @1NC39T10N mentioned:

Note: you will NOT find anything using most wordlists. So gobuster or dirb (etc) are useless here
Hint: Not every wordlist have everything :slight_smile:

Found the endpoint but stuck on next part, need help now lol.

How to get those creds!! any hints

@SpZ can you PM a hint?

Is needed to know the time zone of the box?

Rooted. Not sure if root was the intended way or not. Happy for someone to PM me

@wish said:
How to get those creds!! any hints

I used a chrome extension to run a query on that endpoint (like the dude said to).

I got root and i must say i have learned a lot from this box. Just want to say thanx to @cymtrick once again. Enjoyed it big time. :slight_smile:
I am however interested in the alternate way to get user and root. If someone could pm me regarding this it would be great.