rooted … very easy and straightforward box
User took a couple hours cause people feel the need to put their backdoors on the index.php
and hose the box in the process, causing a reset every few minutes. I hate you if you did that. Just sayin.
Got a shell, ran Linux Smart Enum and popped root in about two minutes. Waaaaaaaaaay too easy, IMO.
Decent box, though. Just wish people (even on VIP) would quit ruining it for everyone around them.
Anyone have an idea, why the script always ends with “DID NOT WORK” ?
Rooted. Cool machine
Easy root )Thx for box! ) Love it
Any hint on how to decrypt the M****** password?
Any hint what to do after login into m*****o as admin?
got a admin account but now after the thousands of resets the exploit isnt working anymore, does anyone know why?
Any nudges for user?
user > google is your friend for a shell although it took me a while to find the right exploit. Theres an old school video game that might help.
My only complaint is we are in 2019 we shoudn’t really be ctfing a box with a 4 year plus vuln when there is a pretty decent exploit just released.
I understand this was done for simplicity reasons but considering the vuln you used is mad old and what not threw me off and honestly i didn’t even do the box when i seen this than a friend came on and i helped him not sure why but this aspect really aggravated me either way thanks creator just my 2 sense.
Hey all, completely new and this is my second box. I have a pretty good idea of what I am supposed to do but I am completely lost as to how to leverage the vulnerability in the web page. Any hints would be appreciated.
Type your comment> @PavelKCZ said:
Anyone have an idea, why the script always ends with “DID NOT WORK” ?
wrong exploit, contains path that doesn’t exist
Type your comment> @p1azm0id said:
Type your comment> @PavelKCZ said:
Anyone have an idea, why the script always ends with “DID NOT WORK” ?
wrong exploit, contains path that doesn’t exist
comment is extremely misleading I would say
Type your comment> @halfluke said:
Type your comment> @p1azm0id said:
Type your comment> @PavelKCZ said:
Anyone have an idea, why the script always ends with “DID NOT WORK” ?
wrong exploit, contains path that doesn’t existcomment is extremely misleading I would say
I don’t understand why the exploit isn’t working. Infact I’ve tried a couple.
Could we get a hint please.
I got a username and password and i logged in somewhere, but I am stuck and I don’t know where to go from here.
Very fun little box, user & rooted
Learned a lot, and in the end its nice to find the little surprise.
I can log in but cannot get a shell
Rooted
All thanks to @gokuKaioKen and @NPCMaster for guidance in the dark!
Tips:
User:
- man ghostbusters are in town
- credentials needed? what if I store-steal my way in
- google search = easy reverse-shell
Root:
-just enumerate, run the most basic command, you’ll see it
PM for help if you need
Box rooted, very good box.