Redcross

I’ve managed to get my XSS to work once, but can’t manage to make it work again. Can I contact anyone to see what I am missing?
Tried a LOT of payloads already…

Could someone take a look at what I am doing in msf right now? I get a weird ■■■ error

hmmm nvm

So I got “default” access to the intra panel, did S** I******** , got hashed creds. Started cracking, this is gonna take way too long… Read the board messages, and am now looking to find what I believe are two other panels, which I believe should be subdomains. Anyone wanna give me a nudge on PM regarding how to start looking for these? I ran both nmap bruteforce and dnsmap, but I think it’s the wrong way to go due to the DNS being set in e**/h****. Anyone?

I’ve gotten the first login with gt:gt that takes me to the message portal. I’ve tried to brute that for an admin account and nothing. I also tried to wfuzz the directories. Not seeing this 2nd or third login page.

Finally rooted this machine. Great work with this! Some people thought it was a little too CTF-like, but I beg to differ. It was pretty realistic. Really crafty way to get root without going the BOF route.

Can someone who actually did go the BOF route send me a DM with details on how they were able to do it?

Hi all,
was able to login with default credentials. But not able to proceed after that. Saw S***
But not able to exploit it. Can someone give me a hint here?
Thanks.

Edit.1: Got the messages and moved to next login page. Stuck there again. Hope this is the last one in guessing game.

Edit.2: Got another *****admin. Trying with default credentials. Any hints here? Thanks.

@sesha569 said:
Hi all,
was able to login with default credentials. But not able to proceed after that. Saw S***
But not able to exploit it. Can someone give me a hint here?
Thanks.

Use s****p to extract the data.

So I’m able to login to the a**** panel and tinker with the fw/u*** settings, but I’ve been stuck for a couple days making any progress from there. I’m stuck in a jail with the account I’ve created, not optimistic about getting out. I was able to get RCE with an exploit on a certain mail service but I’m having trouble converting it to a shell. I’m thinking I need to find RCE from somewhere in the a**** panel, but having trouble locating it. Am I headed in the right direction?

Rooted this box.
Can I just say that having done so, I still have no idea about some of the exploits I’ve seen people talking about here. Well done on this box.

Rooted this box the BoF way. Feel free to PM me about the BoF. :)

Learnt a LOT of stuff, thanks! Special thanks to @CaptainBounty, who helped me on the enumeration part.
The RCE was quite random to me, maybe I misunderstood something.

Anyone rooted the box the ph?nt?m?? way?

Hi, can anyone give me a nudge? I’ve been stuck for days now. I got some hashes and read that they should be crackable in a short timeframe… didn’t have any success, also with bruteforcing using words belonging to this machine, e.g. redcross, the usernames and so on.
I also haven’t found any other webapp on port 443, tried several wordlists with dirbuster…

Got root finally. Thanks @ASHacker for your awesome help and hints :)
PM me for hints.

Rooted. Thanks for the help guys

Rooted without using bof method. Moving on to bof next. Anyone got root directly from *n*ra portal? Think I found an RCE but working around a URL encoding issue. PM if you have, would love to know how you managed it.

Great box by the way, found it to be very realistic.

Got root!!!

Stuck at pe***e user. Any hints on how to get root?

Rooted via an easy-ish method. Went from www-data to root skipping user.

Tried a bit of BO, however, didn’t manage to crack it. Don’t think I’m good enough with that yet… :) Great box for testing out a few different things. Would love to know how to get root via BO though if anyone would like to send a PM to get me on the right track. ;) It’s an area I’m trying to improve after really enjoying frolic, however, this seems to be a bit of a step up!

Can’t seem to find RCE, can someone PM me please? Been playing around with posts and a certain mailer exploit for over a day, getting pretty frustrated.