Writeup

Type your comment> @emaragkos said:

The exploit used in this machine is seriously on of the most user-friendly I have even used. Funny to use, it is like it came out of a movie!

This! :joy:

Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.

any hint on root? does s**** G**** related?

@emaragkos said:
The exploit used in this machine is seriously on of the most user-friendly I have even used. Funny to use, it is like it came out of a movie!

That exploit made me want to redo everything I ever did in python to print that beautifully

What beautiful exploit.
Almost like Swordfish movie terminals hahah.

anyone available to give me a nudge?

do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me

Type your comment> @0xAMS said:

do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me

No creds needed. A simple google search and a quick scanu of the results should be enough

Type your comment> @p0n said:

Type your comment> @0xAMS said:

do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me

No creds needed. A simple google search and a quick scanu of the results should be enough

i did searchsploit on the software and used the exploits it mentioned with no luck

managed to get creds, need a bit of a nudge
I feel like I’m overlooking something as I can’t get the creds to work on /w******/a****

@Cynn maybe enum other services futher

Thanks @smithc can’t believe I overlooked that

@Cynn no worries mate

Stuck after user flag - ran the usual enumeration scripts but nothing jumped out at me.
Am I blind?

I dunno if the exploit is “matrix” or swordfish" like, but is does sort of remind me of padbuster, the way it increments, I guess. It is neat tho, having phun :+1:

Type your comment> @p0n said:

Type your comment> @0xAMS said:

do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me

No creds needed. A simple google search and a quick scanu of the results should be enough

Yes, I agree w/ @p0n. But I’d say @0xAMS, you lie, or perhaps, ahem “Try harder”.

Type your comment> @Fugl said:

Type your comment> @emaragkos said:

The exploit used in this machine is seriously on of the most user-friendly I have even used. Funny to use, it is like it came out of a movie!

This! :joy:

Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.

bro just tell about page already

Type your comment> @Cynn said:

managed to get creds, need a bit of a nudge
I feel like I’m overlooking something as I can’t get the creds to work on /w******/a****

Go to your nmap and you’ll get them to work

Spoiler Removed

help me with the user flag i have found p*** but do not know what to do further

Spoiler Removed