Hint for HELP

The hints spread all over the thread should be enough to guide you on the right path, if that isn’t the case I’m open for PMs.

Got user & root. Anyone want to PM on the port *000 route for finding creds? Not familiar with that language/framework.

Hints for user:
Make sure your time is automatic.

For root: basic priv esc. Article below shows general steps, but the exploit won’t work for this box.

Ofcourse a few minutes after i ask for help, i manage to upload a file…

Great box. Detail is everything.

User had me stumped for days… “Try Harder” is an asset when approaching this box.

Root, just follow VERY basic enumeration.

The biggest takeaway and hint from this box for User and Root is: TRUST NOTHING!!!

hello everyone,
who could help me take root?

i’m get root!

Thanks for the box. As for the usual statistics in case anyone is interested: user flag took about 2 hours of on and off poking and figuring out a bunch of small problems to get it to work. Root flag took about 30 mins.

Got user, found creds for (I ASSUME based on the context) the service on port 3***. when I try to access M****** via command line, I get an error “Host Unreachable.” Host is definitely reachable (I can still hit it in the browser), so I’m confused what else might be causing that error. Google hasn’t been very helpful.

Am I barking up the wrong tree with M******? Is there a flag/option I should be specifying? Is this possibly caused by another user borking the machine, and I should reset?

I have root as well, but I know nothing of Node and would appreciate a tip on how to properly get the creds from the high port. I’ve tried google but I can’t make sense of how to use it. Thanks to anyone who wouldn’t mind sending a pm.

Amazing machine! The port 3**** is very useful for the exploit to work!

Type your comment> @Nibodhika said:

■■■■, I spent too much time banging my head against the wall on some stupid mistakes. I went the easy (unauthenticated) route, since I couldn’t figure out the high port endpoint, and after reading the code I’m not sure how I was supposed to discover that other than a wild guess.

Hint for user: go read the code, seriously, pay close attention to it, don’t trust the exploit documentation over what you’re seeing, but the exploit code is correct.

Hint for root: I hate typing in the wrong window almost as much as I hate Caps lock.

This hint gave me the final clue for a happy ending. Thanks!!

I got user and root but I ended up not using Node at all; could someone PM how they did it? I’m curious what the other options are.

I just wanted to thank you guys for the hints. This is my very first attempt of solving this sort of challenges and every is new and confusing to me.

I’ve currently managed to use the credentials, tomorrow I will continue exploring my options.

I truly think that I won’t be able to make and upload an exploit (never done that before) but I’m learning a lot, especially not to give up and keep trying everything I can.

I’ll try to keep an eye here to try to return to the community the help I’ve been granted!

I have identified the CMS. I have tested a few things from exploit-db and (regretfully) metasploit but it doesn’t seem to work. Can someone DM me with a nudge?

Deleted post

Will the box be up for many more days? Got the CMS , clever name.

Going crazy for root…
Maybe missing something in my enumeration. Although root is possible with kernel exploits, want to try without them.
Please PM me any nudge/hint.

Edit:
Rooted!!! Overlooked simple enumeration

already spent 2 hours :frowning: stuck on g*****l part. not able to create proper request in postman, Please PM any clues

Can whoever is resetting the box every few minutes please stop.
Working on root enumeration and it keeps resetting .

EDIT:

Rooted, first box I’ve done on here. Great learning experience, thanks for putting it up.

FINALLY Finished

User - was tricky … read the github source code and ignore error messages.
Root - known exploit

hey guys when I submit tickets I don’t receive any email ? Is i am right direction ?