Lightweight

Hi, I think I overlooked something in my tcpdump I have one day to check this and I’m feel so noob, I can not figure out how to get the credentials, I have try several methods and sniff the traffic in eth0 and lhost but with no success can some pm please, thank you

Anyone have recommendations for a wordlist for backup.7z ?

I did eventually find it. No graphics cards inside my Kali VM.

Anyone mind PM me on getting a root shell? I’m looking for new ideas of where I should write without breaking something.

[root@lightweight ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

PM me, happy to help

can you stop reset the box every 2 min !!!

finally rooted , the box its pretty nice i just mess around in the start a few hours , after with the help of @brianma i get the way, thanks i learn a new things and good job for the creator .

I ran tcpdump for an hour and dont see any ldap traffic unless I generate it. Can someone PM a hint?

Without spoiling the fun…

[+] The first 6 or so pages here have EVERYTHING you need.
[+] Shut up and listen to the box. Listen in the right places.
[+] Pay close attention to what you see on the web server. Seriously.
[+] When in doubt, RTFM. Then RTFM again.
[+] Still stuck? Google is your friend.
[+] For root/root shell; if you can read, you can write. Leverage that.

This was actually a really fun box. Little janky at the beginning but honestly, I think the creator did a pretty good job of combining real world issues with a bit of CTF flavor. Not bad at all.

Need help. I have t*****p. I have found what looks like a string associated to a user. But unsure what Todo with this? I cannot use it for SSH? Any hints?

Edit im ashamed i even asked haha

hey,
i could also need some help :confused: i used t***p and found something that looks like creds. although they seem to work with lp for l*******2, i cant get anything out if it…
PMs are welcomed! :slight_smile:

Edit: rooted. Fun machine and learned some new things.

need help with the tc****p command, not sure if im being too specific or have the wrong flags

I’m stuck here. i got the 10***** login. I have used the tcp to capture any packets. i got a Sr H**0 packet. i’m using wireshark to read it. I see what looks like a hash but has … on the end. I’m new to this all and love learning everything I can, but now im stuck. anyone will to pm me and discuses whats next or maybe a link to a site to send me in the right direction.

edit got both users stuck on root.

I am stuck on user. I have used tc****p to capture packets and output it to a pc** file but I cannot find anything in it. Anyone can give me some hints?

hmm, time to ask for some assistance. I have been looking at tcp and jx , have goit packets, i understand cant used the $6$ salts, looking in packets for some type of message. Should i be looking at this on the host itself or the client, going round in circles here, could someone give us a nudge please.

I was able to figure out how to get user2 password by reading the comments in this forum. However, i have no idea how it actually works.
What am i seeing with t*****p? What is that string that is used as the password?

Can someone PM me and explain to me or point me to a good article? Im having trouble understanding how I got this password

Thanks in advance

Anyone willing to nudge me on this box?

anyone able to give some assistance on root shell. got all flags, but have been hitting a wall on root shell, have been using capXXXXXXXXXXies, but i must be missing something, as i cannot complete it through to being able to get to root

If any one can help push in the direction for rooting? I have an idea that it deals with o**l and //s****w. Dont know if im looking down a rabbit hole or not. Thank you

Owned. Really liked this one!

No CTFish at all and it forced me to learn a lot of things. Nice!

If you need any help feel free to PM me