I've found and can modify check= but I can't seem to execute anything. Not even the simplest of commands. I've tried different techniques but getting nothing back. Any hints?
@i4n said:
I've found and can modify check= but I can't seem to execute anything. Not even the simplest of commands. I've tried different techniques but getting nothing back. Any hints?
It seems to break often on the public server, hence all the resets. Sometimes, the "Verify Status" button on the Diagnostics page doesn't even return anything.
Just finished this box completely. I believe that @snowscan could have added an extra layer to this challenge since he had other containers to play around with.
@i4n Currently in the same position as you right now. I've found the parameter and have tried tweaking it but to no avail. Have you had any luck? I have a sinking feeling that my syntax is just wrong or something but I've tried everything I can think of. Guess I just need to try harder! Feel free to DM me if you want to brain storm.
I managed to login and get c*****d e*******n but i can't get a shell, i can only use commands trought the bug i found, any hint? (i also tryed a lot of reverse shell cheet sheet)
p.s. i got the user flag i just want a shell to better operate..
I got off to a blazing start and got user pretty quickly before hitting a brick wall. I had most of the parts together in my mind, but massive difficulty in putting them together. All in all, this was a fantastic challenge. I feel like I've learned more over the past few days than in the last year combined, and I'm very happy to have some experience with a new (to me) protocol under my belt. Massive thank you to @snox for helping me out! I love a challenge like this, where you come away with an understanding of something new, but more importantly, what areas I need to focus on. Hats off to @snowscan for creating this!
Mark me down as another one of those that has RCE, but is having trouble getting a shell to be more efficient/figure out what to do next. I'm pretty new to all of this, so wouldn't mind some tips!
Edit: of course I figured it out ten minutes after posting this.
After another big chunk of work I finally popped user. Turns out I was on the right track but overlooked a very simple concept. Turns out the answer for the RCE was staring me in the face. Thanks for all the help everyone!
I am stuck at root ... I dont have much knowledge with networking n all ..should i try rooting ? spend some time but reaching no where ...any hint is appreciated ..thanks
I'm not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.
I'm not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.
I'm not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.
Many Thanks
Hi
Do not give up ... If you still need some direction pm me
Could you please show me a direction in privesc for carrier ?
I read about B** and A* .I understand that we have 3 As and our machine is in A1** ..
Its using q***** service with B** ...
I read from the t****** and found about the V** issue of connecting to an F** to 10.****** network .
I added the entry " network ******* " b**.c*** as
And use nc to listen ...
I know i am missing something here ..Am i in the right direction .It would be great if you give me a hint
Hi
I think I am very near ...
I have the f** req captured using nc ..I tried setting up p***** F** ser*** . but couldnt succeed...tc**** is not showing any data
Hardest box I've been doing so far. Finally rooted that b*tch. Thanks a lot to @snowscan for making this, I learned a TON of new stuff.
User is easy and there is plenty of hints already in this thread ; as for root, there are quite a few gotchas on the way to root.txt.
Some things that messed with me for some time : if you change the .conf of a service, be sure to write it and/or to restart the associated service so it gets accounted. Also, interface changes can be your friend. And last, but not least : be polite, say HELO.
Thanks a lot to @f1ndm3 and @Downloading for confirming I was on the right path, as well as @Xess , with whom it was quite fun to work
I'm not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.
Many Thanks
EDIT: Got 'user.txt' now. Thanks to @sillydaddy daddy and @Xess for the advice.
Hardest box I've been doing so far. Finally rooted that b*tch. Thanks a lot to @snowscan for making this, I learned a TON of new stuff.
User is easy and there is plenty of hints already in this thread ; as for root, there are quite a few gotchas on the way to root.txt.
Some things that messed with me for some time : if you change the .conf of a service, be sure to write it and/or to restart the associated service so it gets accounted. Also, interface changes can be your friend. And last, but not least : be polite, say HELO.
Thanks a lot to @f1ndm3 and @Downloading for confirming I was on the right path, as well as @Xess , with whom it was quite fun to work
I'm not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.
Many Thanks
EDIT: Got 'user.txt' now. Thanks to @sillydaddy daddy and @Xess for the advice.
Comments
I've found and can modify check= but I can't seem to execute anything. Not even the simplest of commands. I've tried different techniques but getting nothing back. Any hints?
It seems to break often on the public server, hence all the resets. Sometimes, the "Verify Status" button on the Diagnostics page doesn't even return anything.
I've captured it several times in Burp and I only see check=, should there be more?
Yes, there's supposed to be an initial value for
check.Type your comment> @SolSanctum said:
Oh yeah, I know what you are talking about and it's there. I thought you meant there was another parameter.
Just finished this box completely. I believe that @snowscan could have added an extra layer to this challenge since he had other containers to play around with.
Great job, @snowscan! Loved the challenge!
EDIT: Looking back, it makes total sense why
secretdata.txtis there. Brilliant!@i4n are you still working on the user? That check value you are working is the key. You just need to tweak it. DM me if you need a push.
@i4n Currently in the same position as you right now. I've found the parameter and have tried tweaking it but to no avail. Have you had any luck? I have a sinking feeling that my syntax is just wrong or something but I've tried everything I can think of. Guess I just need to try harder! Feel free to DM me if you want to brain storm.
I managed to login and get c*****d e*******n but i can't get a shell, i can only use commands trought the bug i found, any hint? (i also tryed a lot of reverse shell cheet sheet)
p.s. i got the user flag i just want a shell to better operate..
Could someone PM me for a few questions about the RCE? Im stuck at that.. Still newbie. I understood everything till that point
I got off to a blazing start and got user pretty quickly before hitting a brick wall. I had most of the parts together in my mind, but massive difficulty in putting them together. All in all, this was a fantastic challenge. I feel like I've learned more over the past few days than in the last year combined, and I'm very happy to have some experience with a new (to me) protocol under my belt. Massive thank you to @snox for helping me out! I love a challenge like this, where you come away with an understanding of something new, but more importantly, what areas I need to focus on. Hats off to @snowscan for creating this!
Mark me down as another one of those that has RCE, but is having trouble getting a shell to be more efficient/figure out what to do next. I'm pretty new to all of this, so wouldn't mind some tips!
Edit: of course I figured it out ten minutes after posting this.
After another big chunk of work I finally popped user. Turns out I was on the right track but overlooked a very simple concept. Turns out the answer for the RCE was staring me in the face. Thanks for all the help everyone!
Type your comment> @potatoman97 said:
pm me
If anyone needs hint for user pm me ...
I am stuck at root ... I dont have much knowledge with networking n all ..should i try rooting ? spend some time but reaching no where ...any hint is appreciated ..thanks
I'm not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.
Many Thanks
Type your comment> @Gh05tR1d3r said:
You're on the right track, look at the parameters of your burp intercept, and check this out: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Feel free to PM me
Rooted, Best box so far!
Type your comment> @Gh05tR1d3r said:
Hi
Do not give up ... If you still need some direction pm me
thanks
Is tcpdump working correctly on the carrier box ?
I am not seeing any packets when i ping the ip from another shell of the same machine
Could you please show me a direction in privesc for carrier ?
I read about B** and A* .I understand that we have 3 As and our machine is in A1** ..
Its using q***** service with B** ...
I read from the t****** and found about the V** issue of connecting to an F** to 10.****** network .
I added the entry " network ******* " b**.c*** as
And use nc to listen ...
I know i am missing something here ..Am i in the right direction .It would be great if you give me a hint
thanks
Hi
I think I am very near ...
I have the f** req captured using nc ..I tried setting up p***** F** ser*** . but couldnt succeed...tc**** is not showing any data
Any help is appreciated ! My head is burning LOL
Wow ..What a machine ...
Finally rooted with help from many ....
Learned a lot ..Happy that i could root this !!!
Happy to help
Hardest box I've been doing so far. Finally rooted that b*tch. Thanks a lot to @snowscan for making this, I learned a TON of new stuff.
User is easy and there is plenty of hints already in this thread ; as for root, there are quite a few gotchas on the way to root.txt.
Some things that messed with me for some time : if you change the .conf of a service, be sure to write it and/or to restart the associated service so it gets accounted. Also, interface changes can be your friend. And last, but not least : be polite, say HELO.
Thanks a lot to @f1ndm3 and @Downloading for confirming I was on the right path, as well as @Xess , with whom it was quite fun to work
Hii! I need some help with user.txt. I had access to panel administrator, i can see the page: diag******* and the check parameter. 😫😫
Type your comment> @capitantrueno said:
R**
Close attention to the parameter value . ?
you have a good base
Type your comment> @Gh05tR1d3r said:
EDIT: Got 'user.txt' now. Thanks to @sillydaddy daddy and @Xess for the advice.
That was a mission finally rooted!! Thanks for all the hints and help on this one!
Type your comment> @Patapinh0 said:
It was a pleasure to struggle together haha!
Anytime!