Type your comment> @MisterBert0ni said:
@MinatoTW Thank you for so emotional hack journey It was like MMPORPG quest )
Thanks ! Glad you enjoyed and half the credit goes to @egre55
Type your comment> @MisterBert0ni said:
@MinatoTW Thank you for so emotional hack journey It was like MMPORPG quest )
Thanks ! Glad you enjoyed and half the credit goes to @egre55
ā ā ā ā near a week on this box but finally rooted. Holy ā ā ā ā . What a ride. We need more of these!!!
That said, the last root.txt troll was a bit āmuchā in my opinion. The other ātrollsā were pretty legit, though. Otherwise, I learned a ton from this one. ā ā ā ā sure couldnāt have done it without a couple guys teaming up with me but the deed is done and just in time for the new box being released in ~1hr.
Good ā ā ā ā guys. Thanks for the ride.
Type your comment> @MisterBert0ni said:
@Xentropy said:
Am I daft? Iāve enumerated both sites both with custom wordlists and more āstandardā ones but I still canāt find where the files get uploaded. I must be missing something really basic. Anyone want to DM me a hint or just drop one here please?This is type of insecure file upload related to extracting file from archive.
Haha, and all this time I figured it was my enumeration failing. Thanks.
Edit: got user! If you see the user.txt troll keep enumerating! Youāre not far away.
On to rootā¦
Iāve been poking around at the upload, however not finding anything unusual yet with an archive.
actually where is root.txt. i rooted go* * server . and i got ao**r*-**p.7z
any hint
Edit: rooted.
thanks @0xRick @moxic @cyberus @JonnyVTMRF
I learned a lot
rooted! And I learned a lot on this one. thanks, I hate it.
āYouāve done well to come upto here human. But what you seek doesnāt lie here. The journey isnāt over yetā¦ā
40 points huh?
Feel free to PM if you need help !
Hello I tried to crack the http auth on the high port without success.
Can you help me please?
Need help on user.Iāve tried to enumerate the port,the website.I got se****.**p,tried to login user with information mentioned but failed.Got the upload,but files could not be found.Use different wordlists with different extensions on dirbuster,but no more useful information.Where should I do furter?
Can anyone assist with root.txt? Iāve found some things in an archive, nothing has worked so far. Not really too sure where to go from here
Hi guys, i am enumerating every single directory in both of the service, any hints about which list I should use ?
Can anyone give me a tip for rooting the second box? I have root on 1 and 3 and have been enumerating everything, but I canāt seem to figure out the next step.
i think i am very close to user. i have ssh shell.
but i cant read the Im*****t.pdf file.
and i dont know how to download it, please if anyone knows tell me
Finally got root.txt. Great job @MinatoTW & @egre55 that was brutally good. I needed some assistance along the way but I learned probably 4 solid new things during the process. One thing though, this box feels like it should be worth like 80 points after that war I just went through, it is definitely worth taking this box to the end though.
Weāre glad you had fun!
Type your comment> @backspace said:
Looking for rootā¦ I found the g*** UIā¦ do I need to brute force?
Edit: NVM, no brute force required, the answer is within youā¦
Anyone with some guidance on this one? Iāve been looking inside-out and canāt for the life of me find anything credential related, only guts&gore inside me
i have a ssh shell.
but i dont know what i do next to get user.txt
please help PM
Hello, iāv been trying my luck at this box for couple days now and i have some hints but i donāt know how they can relate to each other nor where to āuseā them, could someone PM me for a hint, thanks !