Hint for HELP

@SpZ can you PM a hint?

Is it necessary to know the time zone of the box?

Rooted. Not sure if root was the intended way or not. Happy for someone to PM me.

@wish said:
How to get those creds!! Any hints?

I used a Chrome extension to run a query on that endpoint (like the dude said to).

I got root and I must say I have learned a lot from this box. Just want to say thanks to @cymtrick once again. Enjoyed it big time. :)
I am, however, interested in the alternate way to get user and root. If someone could PM me regarding this it would be great.

Before the last reset I was able to upload a thing, now I can’t. I’m assuming the box has been updated then?

If that’s the case, I’m not sure what to do now that I can log in to the webapp; I still can’t upload what I want to, and I can’t figure out how I might upload it to the other part of the site.

Can anyone confirm if the other method of getting user (i.e. the one that only uses port 8*)

Also interested in hearing alternate root/user methods.

@iseethieves I can confirm port 80 unauthenticated method still works.

I’m curious about the method that focuses on the other port :P If somebody wants to share, I rooted it with the other path.

Rooted the box. User was not too easy but root was very easy. If anyone needs a hint feel free to PM me.

I don’t understand how the information gained from port XXXX was supposed to be used; even after using it I didn’t seem to have any more privileges than an unauthenticated user.

If somebody could DM me with the alternative root privesc I’d be happy, got it the obvious way but couldn’t easily see an alternative.

Rooted this box…never touched the n****s service at all. Odd that it’s there and seemingly unnecessary. Can someone else who rooted this box explain via DM what’s the purpose of that service, and how it can be used for foothold? Lots of people marking this box as a piece of cake but I found it to be fairly complex. I must have missed something that’s going to make me feel like an idiot.

The service running on ****.js is an alternative to REST. It is gaining popularity and major companies are shifting towards it because of its flexibility and ease of communication. Instead of 100 REST API calls, this service can pull data at once. Not only JS: this service can be used with any backend technology. It is fun to learn.

I’ve been going in circles for a few hours now. Have made no progress. I’ve managed to find a mention of Shiv, but have failed to find any credentials. There was a header with a request and response but I have not found anything useful. I have also been searching for how to leverage n***.js but have had no luck. Just a bunch of failed attempts at getting a reverse shell by listening on port 80 while trying different q=require’… commands in the URL, which is from googling a bunch of stuff about it. The learning curve I am attempting to climb is a bit steep, can I get a push?

Any hint on how to get that shell up on the page? Note: I find my jpg when I upload it, just can’t upload a functional php.

Strange…

The most used method to gain root is not working anymore? xD

edit:

Nvm, rooted. lol…

@ntroot said:
Any hint on how to get that shell up on the page? Note: I find my jpg when I upload it, just can’t upload a functional php.

Ah nvm, got it :) Why is it always that when I post I get the answer by myself in the next 5 minutes? LOL!

Got user credentials, but where can I use them? Looking for the webapp but can’t find it!

Anyone willing to PM me and check my script/methodology on the app? I’ve had some connections back from the app that then terminate. Not sure what’s going on.

Completed this machine. If anyone needs help, feel free to PM :)

Rooted
User: I used the first method on the first port :P would still work my way on the other method later
Root: was pretty easy and obvious

Keep it simple and don’t be too lazy