Luke

Spoiler Removed

@avi7611 i guess i can also use burp!
correct me if i am wrong.

Rooted. Big thanks to @vj0shii and @n1z4m for keeping my head straight.

I enjoyed this one just for practicing the techniques the odd port required.

If anyone needs any help please feel free to PM me.

Type your comment> @Tendel10 said:

Type your comment> @R4J said:

@Tendel10 there was no privesc, it was intended to get root directly

That is very disappointing

Disappointing indeed.

How much credentials do we need before we should start poking at the odd port?

Rooted.

It wasn’t as bad as some people are making it out to be.

Reminds you that enumeration is always important. Keep good notes of you might miss something. And as always, we careful when you copy paste things :)… I was hurting myself for failure to copy something correctly.

Overall decent box.

Hints: Every port should be used on this one. Thorough enumeration.

The moment when this is a 30 points box making it equivalent to Unattended and Arkham …

Hint: Enumerate ! A LOT.

The server is unstable because people are bruteforcing it. DO NOT brute force. You should get all the passwords. Use ONLY WHAT YOU GET.

Type your comment> @Ryan412 said:

The moment when this is a 30 points box making it equivalent to Unattended and Arkham …

Hint: Enumerate ! A LOT.

The server is unstable because people are bruteforcing it. DO NOT brute force. You should get all the passwords. Use ONLY WHAT YOU GET.

I was thinking the same thing… #fakenews xD

I’ve got no creds but a few places to feed them into, haven’t figured out the second highest port yet. Any hints?

Spoiler Removed

Rooted. Understanding the strange service is key. Google is your friend

This box isn’t very CTF at all. Everything you need is there and can be found with ease using common enumeration techniques - there is literally nothing you have to guess. I thought the path to shell access was nice, but would have liked to see a bit more done with root.

I got 2 logins and 1 auth point, attack surface is huge. The box will take some time

Type your comment> @1NC39T10N said:

I wasted hours trying to find the the second to last login screen. If you have found the mother load of credentials and have not yet found the right place to put them, then make sure you scan port 80 using dirb NOT gobuster. The common list will do.

Do you know why gobuster doesn’t work? I found out I could use dirsearch.py also.

Also anyone able to help me with some type of resource for the n***.j* page? Can’t find anything.

Do we need to bruteforce the login page or we can find them?

Rooted! In my opinion this box is too much CTF-like… and the fact that there is no privesc is very Disappointing :-/

Anyway, my hints for this box are:

  • Enumerate everything
  • Explore all services… specially the one that gives you an odd response (google is your friend)
  • No need to brute force… seriously!

i’ve gotten past the auth page with the 3*** port. But i was wondering if anyone could help me with the auth token after?

I can get an auth token with c*** but not sure how to login on my browser with it.

Edit: Got it.

Should the odd port be dumping passwords? I’m only getting a list of users from it.

Type your comment> @nergalwaja said:

Should the odd port be dumping passwords? I’m only getting a list of users from it.

Try accessing the users one by one :wink: