Curling

Hi,
I’ve completed the box, If you need help, just pm me :blush:

Hack The Box

hi all i need a bit op help im tring to get user but im stuggling to convert the bz2 file to a gz file, just changing the extenstion dose not work. Aaaarrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
mv password password.gz ------- its still classed as compressed file but not a gz file

hope you can help

Hey guys! Can anyone shed any light on why a certain file may not be decrypting so straightforwardly? How could you structure its decryption? I have had a go with cyberchef and dtrx. Still got a sprinkling of gobbledygook. Time for a brew

Can someone PM me regarding the p*******-b***** file? I’ve read all the hints in here and tried everything I can think of…

EDIT: nvm… FINALLY figured it out

For the p*******-*****p file, look at magic numbers. Those will help figure out what a file is. Cyberchef has a great “magic” component that can help

Type your comment> @cycloneripper said:

hi all i need a bit op help im tring to get user but im stuggling to convert the bz2 file to a gz file, just changing the extenstion dose not work. Aaaarrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
mv password password.gz ------- its still classed as compressed file but not a gz file

hope you can help

hi all i need a bit op help im tring to get user but im stuggling to convert the bz2 file to a gz file, just changing the extenstion dose not work. Aaaarrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
mv password password.gz ------- its still classed as compressed file but not a gz file

hope you can help

hi guys. could somebody help me with p*******_b***** file? the question is how this decrypting works…

Type your comment> @mortone said:

hi guys. could somebody help me with p*******_b***** file? the question is how this decrypting works…

level 12 of Bandit on Over The Wire, search for it, you’ll understand…

can someone please drop me a message, pretty sure im in the final stages of root on curling, but cannot seem to nail it down

I read most of the comments, but still couldn’t get the root shell. I am looking into a***-***a directory and still couldn’t get a clue. Can someone PM me a hint?
Thanks in advance…

Stuck on getting a shell uploaded on the joomla admin panel, tried editing the templates, installing a simple file uploader but nothing seems to work, anyone able to nudge me in the right place?

got user and root flag, still working on a root shell but not really sure if I am overcomplicating it. Anyone willing to give a hint in PM?

Type your comment> @Parrrs said:

I read most of the comments, but still couldn’t get the root shell. I am looking into a***-***a directory and still couldn’t get a clue. Can someone PM me a hint?
Thanks in advance…

Edit the files, watch the files. See if you can catch whatevers happening to them. Then read the manpage.

@c4m said:
Stuck on getting a shell uploaded on the joomla admin panel, tried editing the templates, installing a simple file uploader but nothing seems to work, anyone able to nudge me in the right place?

PM’d you.

So i found a password that im 100% is a password to something. usernames are typically admin. i had attempted to login but got a “security token” error. Now i cant login with the same creds i think. Should i reset it?

After almost two days on this seemingly easy box I finally found the root flag. I’m still not sure which process is running and updating that one file, so if anyone is willing to discuss please dm me.

thanks to jkr for showing me a nice way to monitor the running processes :slight_smile:

rooted, but i got user by uploading shell , i wanna know how the others overwriting the index.php to get shell , plz PM me :smile:

Edit: got it, I’m an idiot :grimace:

Rooted, fun box! I actually got it through a root shell. I would like to know how others did it, I think there is another way by editing a certain file i…t.txt. I think it would also be possible to output the flag in a way. I saw others try it. Somebody cares to share this method (PM)? Thanks!

I feel like an idiot, I have fount he se****.*** file and I even know how to drop a shell, but I cannot find the way to use that password (transformed I mean) with any user or where in the login. Could someone drop me a PM to help?