Rooted, for a box of 20 points itās not easy at all.
Iāve done two methods of getting into the webapp as an unprivileged user and as an administrator.
With the second method do I get a shell using a similar method as without auth or is there another way?
I want to explore more ways than just the unauth way.
I used the blind SQL way to get administrator in the webapp. Is there a particular method besides similar to the easy way to go after a shell?
If the easy way didnāt exist as a vuln but the sql injection still did should I expect to find a way to shell?
I want to make sure I practice the intended ways fully.
I obtained root, but it felt like I was doing so reusing the easy way even though I did use the SQL method.
Assuming the easy way didnāt exist but SQL method did anyone could PM tips on how you would go about getting a shell?
For those of you unable to escape for reverse shell, read the code and ask yourself ādo I really need to escape?ā
machine always got reset while iam using sqlmap
Can someone confirm the time travel year is 2 years prior to the release of war games staring Matthew Broderick ?
I am so confused, I managed to get user without too much trouble, but now Iām struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!
@bluealder said:
I am so confused, I managed to get user without too much trouble, but now Iām struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!
Also struggling to get root. Help would be appreciated.
@shadowdriu said:
@bluealder said:
I am so confused, I managed to get user without too much trouble, but now Iām struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!Also struggling to get root. Help would be appreciated.
Legit got it 5 mins after posting this, was strugling on it for a day or two ā ā ā ā . PM if you need a hand
This was great, thanks @cymtrick ā¦ Iāll be honest, user threw me for a bit and i did have to dip into the forums so thanks for all of the t*** t***el talk lolā¦root was game over after about 20 minutesā¦very cool!
//hints
User: Donāt pull your hair out. Well documented, pay close attention to stuff that you normally donāt care about
Root: Old skool, donāt reinvent the WHEEL :bleep_bloop:
@shadowdriu said:
@bluealder said:
I am so confused, I managed to get user without too much trouble, but now Iām struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!Also struggling to get root. Help would be appreciated.
Hey. Try looking at some of the most basic and first steps you do when priv escāing. g0tmi1k has a nice list of things to try.
Nice machine enjoyed this one.
User: read the exploit really carefully and follow exactly what you should do, if you did a dirb run there should be a directory which make the most sense for the uploaded tickets. no code changes in the script needed.
Root: as Spiderixius wrote: g0tmil1k has a nice list and searchsploit is your friend
Hello, Iām trying to go throw the N*** service, but I canāt find the endpoint someone could give me some hint?
Hello, Iām stuck at the high-level port. I found the endpoint but just cannot get my query right. Some help would be greatly appreciated.
@blueorchid said:
Hello, Iām stuck at the high-level port. I found the endpoint but just cannot get my query right. Some help would be greatly appreciated.
Any hint for the endpoint?
any hint @takeiteasy ???
Hello guys, can someone help me please on this machine ā¦ iām stuck ā¦ thanks in advance <3
@m4rc1n said:
Now Im really confused. I used the REST alternative to get user and its hash (with one of the previous posts its easy). I cracked the hash and have also password. tried to log in via the lowest port and cannot. What am I missing?
likely someone has changed the password, there are a to of trolls on this box
Not sure if something changed on this box, I was previously able to āsubmit a ticketā using a bypass and āfind my ticketā afterwards. But now I canāt find my uploads, even if I upload jpg/txt/etc. Did something change on the box?