Hint for HELP

Rooted twice (two different methods).

Is it just me or does the method to find payload only work some of the time? I canā€™t get it to work reliably, itā€™s pretty frustrating.

port XXXX is down any body online nowā€¦?

I need a bit of help with the time travel, I believe I have the right path and time, but it is not finding my payloadā€¦

I really enjoyed this box :slight_smile: seems to be PWK/OSCP like and has a little bit of everything!! Tricky but in a very good way!!!

Thanks a lot @cymtrick

Rooted it, anyone need some nudge can dm me :wink:

Hmmā€¦ I get the references to time travel and have been working on that on things that should get uploaded, and a thing you might make in Excel on the other port that gave me credentials.

I have ā€˜madeā€™ the correct URL as the googleable exploits may not be quite pointing to the right place (confirmed via github) - I have the correct skew or near enough and have changed the script to give a range of a few units of measurement either side to ensure itā€™s caught, but I canā€™t find my upload that is legit. let alone the ā€˜erroredā€™ ones.

Can I get directly to this from the thing you might make in Excel? I couldnā€™t see anything other than credsā€¦ which makes me wonder how people got to it directly from the other site, you presumably need those creds?

I am sure I am missing something painfully obvious.

Got the box, however, I feel like maybe I didnā€™t properly utilize the creds on port XXXX. Were there anything more to them than the webapp? Pretty sure I could have exploited the webapp without creds.

@billbrasky said:
Hopefully these are helpful hints without giving away too much:

User - Donā€™t always assume youā€™re doing things wrong. If you have a tool to help you exploit something, donā€™t assume it will work as-is.

+1 ā€“ Iā€™ve seen instances where a tool explicitly caused any IP with 0 in it to error; presumably for no apparent reason other than to troll skids, but one wouldnā€™t know it without a code review; the takeaway is that thereā€™s value in troubleshooting tools instead of just assuming itā€™s your fault right away.

Iā€™ve got credentials from port XXXX and access to the url paths of my uploads on the webapp but I would really appreciate a nudge on how to get my payloads to work.

Someone can give me some nudge for get credentials? Thx anyway

I would like to learn how to do all the ways

Anyone can please give me more hints on po** XXXX? as mentioned by @1NC39T10N I know what to look for on that po** but I can find endpoint he mentioned.

Thanks!

Edit:
For the port XXXX as @1NC39T10N mentioned:

Note: you will NOT find anything using most wordlists. So gobuster or dirb (etc) are useless here
Hint: Not every wordlist have everything :slight_smile:

Found the endpoint but stuck on next part, need help now lol.

How to get those creds!! any hints

@SpZ can you PM a hint?

Is needed to know the time zone of the box?

Rooted. Not sure if root was the intended way or not. Happy for someone to PM me

@wish said:
How to get those creds!! any hints

I used a chrome extension to run a query on that endpoint (like the dude said to).

I got root and i must say i have learned a lot from this box. Just want to say thanx to @cymtrick once again. Enjoyed it big time. :slight_smile:
I am however interested in the alternate way to get user and root. If someone could pm me regarding this it would be great.

Before the last reset I was able to upload a thing, now i canā€™t. Iā€™m assuming the box has been updated then?

If thatā€™s the case, iā€™m not sure what to do now that i can login to the webapp; I still canā€™t upload what i want to, and i canā€™t figure out how i might upload it to the other part of the site.

Can anyone confirm if the other method of getting user (IE the one that only uses port 8*)