Hint for HELP

Would anyone be willing to give me a hint with timetravelling ? Iā€™m confused why thereā€™s an issue sine time() is epoch and machine is set to correct date/timeā€¦

Type your comment> @5nak3Eyes said:

I have rooted the machine with public exploits but would like to do it with node js and credentials way. Can anyone please nudge me in right direction?

I am in the same boat. The typing error in that log file seemed interesting but couldnā€™t get my head around it. Any tips?

Type your comment> @krypt said:

Type your comment> @5nak3Eyes said:

I have rooted the machine with public exploits but would like to do it with node js and credentials way. Can anyone please nudge me in right direction?

I am in the same boat. The typing error in that log file seemed interesting but couldnā€™t get my head around it. Any tips?

This one also involves a google search and working your way up from the source code.

Hi
Could someone help me with the initial foothold?
I was trying to upload a shell but I donā€™t find the file after upload.
I was checking the exploit exactly where to find the uploaded file but no chance. The file canā€™t be found.
Could some one give me a hint?

Can someone PM me with some help on the time traveling and/or the high port enumeration? I want to work through both of them for the experience but Iā€™m hitting a wall

Got User! It was a really good learning experience with this box! Gonna try to get root altought I dont know where to start as I never did a privesc before. If you guys could link me something to read about would be great!

Also if anyone want some help with user, just PM me! I am a beginner but I wil try my best to help you all :slight_smile:

Something to keep in mind for those trying the unauthenticated way:

What is the script doing to generate those filenames? If you have someone in Germany and someone in the United States, would the results be different? Why is the script iterating the range backwards and should that range be manipulated?

Got user and have been stuck on root for about 2 days now, can anyone nudge me in the right direction?

Got user, stuck with root. I tried xp***, but it is not working. Can anyone please PM me? Any direction will be helpful. Thanks!

Finally Rooted!
If anyone got user with the ā€œIntended wayā€ (high port) can you plz tell me how ?
I donā€™t know how to enumerate this kind of applications.

For general tips I think everything was already said.
If you need any help just pm me and tell where you are and what youā€™ve tried

Got Root!

If this is your first time doing a linux privesc (like myself), you are gonna need some basic research. Google videos/articles to basic privesc, they ALWAYS talk about the method you need to get root on this machine.
But the tricky part, especially for beginners is not the ā€œendā€ is the ā€œmeansā€.

Anyway,. great box @cymtrick I learned A LOT with this! If anyone need help PM me!

yey rooted \o/
No need for me to get credentials for user and root.
Hint for User:

  1. Try increasing the range or think about timezones
    Hint for Root:
  2. If the heart is unpatched all the software on top should not care you

Rooted!

Didnā€™t even used n**.j* but I found the creds, user and root. Itā€™s a simple machine only by the assumption that you know exactly what you should do. So in order to know what do do, my tip is: google EVERYTHING, specially the software youā€™re trying to penetrate.

PM for hints.

Finally rooted.
Boys and girls read the fucking source, understand what the server is doing and whatā€™s happening to your files

PM for hints

Been stcuk for days trying to find the shell file on the webapp using the 40***.py exploit. If any wanna help me send me PM. THANKS

Type your comment> @auFlamel said:

Been stcuk for days trying to find the shell file on the webapp using the 40***.py exploit. If any wanna help me send me PM. THANKS

NVM just got in

I am unable to figure out time difference. I tried bruteforcing. But in vain. Can anyone help me, pls

Went for the high port approach, was able to log in with the found credentials and do some sql magic.
found admin credentials, but am unable to use them to log into the lower port page. Am I barking up the wrong tree?

Can I get a hint on the exploit? Canā€™t figure out how to find my php shell.

Could somebody PM me about privesc? People are saying its easy but im really bad at it :expressionless: