Writeup

help me with the user flag i have found p*** but do not know what to do further

Spoiler Removed

@Zot said:
@0xAMS said:

@Zot said:

@p0n said:

@0xAMS said:

do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me

No creds needed. A simple google search and a quick scan of the results should be enough

Yes, I agree w/ @p0n. But I’d say @0xAMS, you lie, or perhaps, ahem “Try harder”.

lie??
the exploit needed has to do with sqli (the others did not work)

and the sqli did not work also

this is where my exploit stops

at this point

[+] Salt for password found: 1
[*] Try: js

next time if you have nothing positive to say keep your opinion to yourself

I say you lie, because I used searchsploit to find an unauthenticated exploit for a piece of software clearly listed in Wappalyzer. Very straightforward.

I guess the positive thing to say would have been “provide it a wordlist”. my bad, I guess.

Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy

@godzkid said:

@Fugl said:

@emaragkos said:

The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

This! :joy:

Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.

bro just tell about page already

You probably found the page already… just enumerate it.

bro
That bypass is not working for me either

@Fugl said:

@godzkid said:

@Fugl said:

@emaragkos said:

The exploit used in this machine is seriously one of the most user-friendly I have ever used. Funny to use, it is like it came out of a movie!

This! :joy:

Tip for user: If you believe you’ve found something but not enough, you probably have found enough. Try to figure out what it is you found instead of looking for more content. Remember that it’s an “easy box”, so most likely the user shell isn’t going to require much effort - looking back anyway. When you feel like you can relate to the above quote, you’re in a good place. At least you’ll get the joke anyway.

bro just tell about page already

You probably found the page already… just enumerate it.

how to do that ? what should i do exactly

writeup machine is not working properly
at one time i am able to access 80 port but another after two seconds it does not work properly

I have the salt password, the user, the email and the password, but not working… Any help?

@gonzahack said:

I have the salt password, the user, the email and the password, but not working… Any help?

Same. For some reason I can’t seem to be able to decrypt the password.

@TsukiCTF said:

Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy

did pspy but still no luck, i know how to do it but could not get which service to

@amk2 said:

@gonzahack said:

I have the salt password, the user, the email and the password, but not working… Any help?

Same. For some reason I can’t seem to be able to decrypt the password.

The problem is that the salt may be at the beginning or at the end of the password. I used online decryptors but it does not work

@Alienware said:

@TsukiCTF said:

Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy

did pspy but still no luck, i know how to do it but could not get which service to

The only interesting thing that pspy reveals is a cron, but the files it creates are unpredictable (AFAIK), & they are out of my permissions range. The box is so stripped down, I find myself using busy*** for basic enums.

@Alienware said:

@TsukiCTF said:

Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy

did pspy but still no luck, i know how to do it but could not get which service to

It is just a hint. You need to chain some misconfigurations here and there to successfully own the box

I can’t find Credentials using the exploit as the server stops responding due to the DOS script implemented in it. Any nudges or help , please ?

@mrajput7 said:

I can’t find Credentials using the exploit as the server stops responding due to the DOS script implemented in it. Any nudges or help , please ?

Be sure to include the directory /w****** in the exploit.

@Zot said:

@Alienware said:

@TsukiCTF said:

Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy

did pspy but still no luck, i know how to do it but could not get which service to

The only interesting thing that pspy reveals is a cron, but the files it creates are unpredictable (AFAIK), & they are out of my permissions range. The box is so stripped down, I find myself using busy*** for basic enums.

well i know one which i can use, thanks to pspy but trying to figure out how to is my question now. Any articles would be appreciated

@amk2 said:

@mrajput7 said:

 I can't find Credentials using the exploit as the server stops responding due to the DOS script implemented in it. Any nudges or help , please ?

Be sure to include the directory /w****** in the exploit.

Whether it is useful to use some word list ?

@mrajput7 said:

@amk2 said:

@mrajput7 said:

 I can't find Credentials using the exploit as the server stops responding due to the DOS script implemented in it. Any nudges or help , please ?

Be sure to include the directory /w****** in the exploit.

Whether it is useful to use some word list ?
Sending you a PM now

@Alienware said:

@Zot said:

@Alienware said:

@TsukiCTF said:

Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy

did pspy but still no luck, i know how to do it but could not get which service to

The only interesting thing that pspy reveals is a cron, but the files it creates are unpredictable (AFAIK), & they are out of my permissions range. The box is so stripped down, I find myself using busy*** for basic enums.

well i know one which i can use, thanks to pspy but trying to figure out how to is my question now. Any articles would be appreciated

I noticed a writeable dir that kinda changed everything (eliminated race condition from my train of thought).