So far got the user.txt now looking for the root.txt. I’ve seen the routes but can’t figure out how to add it to the bp conf and then intercepting the traffic. A little help would be appreciated.
Edit : configured all but tc***p doesn’t seem to intercept
Great box ! Learning a lot and discover a very interesting technique.
My tips :
foothold : enum correctly and when you enumerate, don’t miss the halt of the equation.
And an advice that I forget too often : if you find something you don’t understand, take your time and read some doc!
user : think like the developer. If you want make the same thing, what code will you write? use burp/zap and you will find.
root : ok, now if you don’t know the attack, you need to learn it, all is on this thread.
Take your time to learn what append, what can be do. If you don’t have a knowledge of the tool, you will not find the root flag. The creator has put some hints like a real life box on the foothold, read this carefully.
Been trying all day yesterday to get a reverse shell or any sign that RCE is working using Burp/NC, | || & && ’ $, nothing seems to work/append the command… It just seems to ignore it!
Can someone help me to exploit the RCE inside the dashboard? I’ve been trying to do code injection into it but I’m lost, don’t know what else should I do.
For the people stuck at port enumeration, remember that you can do many kind of scan with namp, and that some ports will respond only if correctly interrogated, with the correct protocol.
For the RCE: you must find the page where something is “running”… can you guess which command is being executed server-side and echoed inside the page? It’s a really peculiar output and i am sure you have seen it many times.
Try it on your local console, and see if you can inject something in it.
I’m currently struggling as root. I think i got the correct attack vector, and p* a*x is chocked full of fellow users probably looking for the same thing as me. But still no luck tho, i am not sure if the b** h***** is actually working at this point.
Any hint or PM would be really appreciated, my brain is literally melting
And, really, this box is amazing. I’m learning a ton of stuff
I managed to get reverse shell as root which turned out to be the user profile having user.txt
Is everything correct? Who’s the boss of root? MegaRoot? I’m confused where to go for the root flag since I’m in /root and it’s not there
I managed to get reverse shell as root which turned out to be the user profile having user.txt
Is everything correct? Who’s the boss of root? MegaRoot? I’m confused where to go for the root flag since I’m in /root and it’s not there
All on same boat… I think we should search more.
I would be grateful for a bit of help. I’m into the control panel and trying to RCE c****k but everything I try doesn’t work. Could someone please PM me some help?