Redcross

anyone who has rooted this box ,
i’ve a critical 2 problem with s**m*p one with connection dropped
other is ssl can’t establish SSL connection
even tried flags for agent ,ssl,keepalive ??

@mitoOo said:
anyone who has rooted this box ,
i’ve a critical 2 problem with s**m*p one with connection dropped
other is ssl can’t establish SSL connection
even tried flags for agent ,ssl,keepalive ??

I keep struggling with the same problems on that part…

I have found the source file for i***tl

My C foo isn’t strong. Has anyone looked at whether there is a flaw in the in******ve mode rather than having to reverse the binary?

After some serious enumeration, I believe I’ve found the (intended?) route and think I know what to do to get root after finding some useful information hidden away in the a* file. Would someone be able to help validate my approach? Thanks. :slight_smile:

I’m failing to find the entry point. I’ve done quite a lot of enumeration, but still can’t find any way to get in. May anyone give me a small small hint to push me in the right direction?

got ssh login but fails to do more… please help…

any hint on how to escalate after executing RCE from www* to p******e

@mitoOo said:
any hint on how to escalate after executing RCE from www* to p******e

Haha, it took me a lot of time to figure it out, since I connected with www* first as well :slight_smile: the only way I know how to accomplish what you are looking for is to go a step back and enumerate the machine again once you can do your staff within a* panel :slight_smile: but I think you can go straight to the root as www and not necessarily by using the BOF method

@CaptainBounty said:

@mitoOo said:
any hint on how to escalate after executing RCE from www* to p******e

Haha, it took me a lot of time to figure it out, since I connected with www* first as well :slight_smile: the only way I know how to accomplish what you are looking for is to go a step back and enumerate the machine again once you can do your staff within a* panel :slight_smile: but I think you can go straight to the root as www and not necessarily by using the BOF method

??? could u explain further?

sure, see in PM

learned some new things from this machine. if anyone has problem feel free to pm :slight_smile:

I’ve managed to do my XSS work once, but can’t manage to make it work again. Can I contact anyone to see what I am missing?
Tried a LOT of payloads already…

Could someone take a look at what I am doing in msf right now? I get a weird ■■■ error

hmmm nvm

So i got “default” access to the intra panel, did S** I******** , got hashed creds. Started cracking, this is gonna take way to long… Read the board messages, and is now looking to find what i believe is two other panels. That i believe should be subdomains, anyone wanna give me a nudge on PM regarding how to start looking for these? I ran both nmap bruteforce and dnsmap, but i think it’s the wrong way to go due to the DNS being set in e**/h****. Anyone?

I’ve gotten the first login with gt:gt that takes me to the message portal. I’ve tried to brute that for an admin account and nothing. I also tried to wfuzz the directories. Not seeing this 2nd or third login page.

Finally rooted this machine. Great work with this! Some people thought it was a little too CTF-like, but I beg to differ. It was pretty realistic. Really crafty way to get root without going the BOF route.

Can someone who actually did go the BOF route send me a DM with details on how they were able to do it?

HI all,
was able to login with default credentials. But not able to proceed after that. Saw S***
But not able to exploit it. Can someone give me a hint here?
Thanks.

Edit.1: GOt the messages and Moved to next login page. Stuck there again. Hope this is the last one in guessing game.

Edit.2: Got another *****admin. Trying with default Credentials. Any hints here? Thanks.

@sesha569 said:
HI all,
was able to login with default credentials. But not able to proceed after that. Saw S***
But not able to exploit it. Can someone give me a hint here?
Thanks.

Use s****p to extract the data.

So I’m able to login to the a**** panel and tinker with the fw/u*** settings, but I’ve been stuck for a couple days making any progress from there. I’m stuck in a jail with the account I’ve created, not optimistic about getting out. I was able to get RCE with an exploit on a certain mail service but I’m having trouble converting it to a shell. I’m thinking I need to find RCE from somewhere in the a**** panel, but having trouble locating it. Am I headed in the right direction?