Redcross

can someone tell me more details about BOF? i want to use BOF to get root, i got root by used ps*l.

Type your comment> @B1ngDa0 said:

can someone tell me more details about BOF? i want to use BOF to get root, i got root by used ps*l.

I’m in the same situation. I’m trying the BOF too but failed so far.

Can someone give me a pointer on the sin technique. I’m getting an error and it looks like it can be done. I haven’t gotten anything useful from sp. Maybe there’s a setting or something I’m missing.

Got root before I got user, this box was way easier than I thought it was going to be so not sure if it was the intended way.

Hit me up if you need any pointers.

Pm if anyone needs help with root?

Finally rooted, if you need any nudge or hint, please PM me. Im glad to help you. :wink:

I logged in at i**** as g****, I retrieved all the messages but I can’t find any credentials, also found the second login page a**** but guessing didn’t work out! Using sp with the address in the i is causing the server to ban me for a minute.

I’ve been stuck for a few days… I’m trying to crack the password hashes for a few days… I have some of the lower level users… But am stuck on this… I tried crackstaion and a few others but no luck… Am I on the wrong path or just need to wait until it cracks the important one?

Edit
@bl4sph3m thanks for the hint on moving forward…

Been stuck for quite some time now.
Found two relevant domains, got all the messages inside the first one and possibly another user that hasn’t been mentioned there, but that’s it… would love a little nudge.

Would very much welcome a PM about that.

fiigured out what I was doing wrong… wondering if I need to bust b****t now?

Update: Maybe i was beeing stupid or had a bad connection - but now it worked…
Thanks to ompamo :slight_smile:

mhh… i am kind of stuck. I have 2 users + pass through s***, but wanted to try the x**. It works on my local box, but not on redcross. Maybe because on the other side there is no user with browser, but a curl script? Tried different aproches, but maybe i fail because its my first x** :wink: If somebody want to help / discuss please pm.

Need help with s… or x**, the ia crashes after some time using s*p

EDIT: thanks to @ompamo - I’m moving forward :slight_smile:

Done redcross,

Hint:
Initial: do your enum properly, study why you cant load the site, what can you do.
user: study owasp top 10, not always you will have to get the user first, you can get root first.
root: there are plenty of step, think about the basic component of forming a web application, what and where does it stall the data, can you make changes to it?

can someone help me here got the db and other required things but when i try to logging into the p**l my shell is freezing mid way after giving the password

I need to be pointed in the right direction here. S** I********* are not my strong point. I can see there is one when logged in with g****:t in the LT C***e but i am stumped how to get anything useful out of it.

Type your comment> @jimmypw said:

I need to be pointed in the right direction here. S** I********* are not my strong point. I can see there is one when logged in with g****:t in the LT C***e but i am stumped how to get anything useful out of it.

Never mind, I overlooked something. I’m back on track!

Have time to go while the box is still running!
The box is difficult but a couple of days is enough to pass)

rooted, pm me for hints

Rooted! Managed to go the “easy” route. PM me if you’re stuck :slight_smile:

Saw it was retiring and I was already working on this box. Moved my ■■■■ and grabbed root before user… this doesn’t happen to me often. :slight_smile: Very interesting box, made me dig out some database-fu know-how.

Thanks to @ompamo, the box had a good run