Redcross

Got root finally. Thanks @ASHacker for your awesome help and hints :slight_smile:
PM me for hints.

Rooted. Thanks for the help guys

Rooted without using bof method. Moving onto bof next. Anyone got root directly from *n*ra portal? Think I found an RCE but working around url encoding issue. PM if you have, would love to know how you managed it.

Great box by the way, found it to be very realistic.

Got root!!!

Stuck at pe***e user. Any hints on how to get root?

Rooted via an easy-ish method. Went from www-data to root skipping user.

Tried a bit of BO, however, didn’t manage to crack it. Don’t think I’m good enough with that yet… :slight_smile: Great box for testing out a few different things. Would love to know how to get root via BO though if anyone would like to send a PM to get me on the right track. :wink: It’s an area I’m trying to improve after really enjoying frolic, however, this seems to be a bit of a step up!

Cant seem to find RCE can someone PM me please. Been playing around with posts and a certain mailer exploit for over a day, getting pretty frustrated.

I think i see all of the login panels. I have a form of s**-I****** working, but cant view data, s****p always shuts the server down for about a min when trying to automate it… just need a little help if you have time

Are we supposed to be guessing credentials on the a**** panel or the i**** subdomains? Guess the box eh.

Type your comment> @InfoSecGuy23 said:

Are we supposed to be guessing credentials on the a**** panel or the i**** subdomains? Guess the box eh.

I’d like to figure that out too lol… Been stuck with hydra/manual for a while. Got the gt/gt stuff. Tried to brute force with the “desired” user or ad*** no luck…

I’d like to figure that out too lol… Been stuck with hydra/manual for a while. Got the gt/gt stuff. Tried to brute force with the “desired” user or ad*** no luck…

Nevermind, looks like I don’t really need those, just the g***t should be enough…

I’ve read on this thread that cracking the hashes with john for at least one user would take less than 5mn… Been at it for hours. This is for c****** user

lduros:redcross$ /usr/sbin/john --format=b**** c******
Using default input encoding: UTF-8
Loaded 1 password hash (b***** [B***** 32/64 X3])
Cost 1 (iteration count) is 1024 for all loaded hashes
Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist
Proceeding with incremental:ASCII

Has anyone really made this work? I’ll keep trying with different lists…

stuck at www-data with lots of interesting information

A good box @ompamo. A lot of guesswork at first, but when you know what to do, its all clear. Root was rough for me. Thanks to those who gave small nudges

Hi my friends,
i am lost in redcross :frowning: i found the page where i can login to the i****.redcross.***
but i have no idea where to get the name or the password. i thoght to hydra but thats should not the way i think. Gobuster or all the other tools for webenumeration found nothing.
Can someone give me a push in the right direction please ?

Hi
I have seen the haa s* server and i know the m** exploit for it but the paramerts srvhost and srvport are not letting me run it. Can anyone tell me as to how to solve it?
Thank you

I was not able to do the BoF and was pointed in another direction. As a result I managed to create a user with gid=0 however I still cannot read root.txt as permissions are

-rw-------

If someone want to PM me that didn’t do BoF I would be grateful

EDITED

Never mind, rooted. Thanks to everyone that gave hints

i’m stuck at an.*****.htb. I found pma subdir but not able to proceed further. Am I going down a rabbit hole if I continue probing pma, or am I going the right direction?

finnaly got root, by the p**l change my user’s group to get high permission, but u have another way to get root, plz pm i want to know that way.

I have the hashes and cracked one of them. But I can’t find the other login. I’ve tried 10k sub prefixes. What am I missing?

Nvm: I’ve was looking for something that I’had already found…