Very easy box which is pretty realistic imo.
Hint for user: credential stuffing
Hint for root: pspy
Did pspy but still no luck, I know how to do it but could not get which service to
The only interesting thing that pspy reveals is a cron, but the files it creates are unpredictable (AFAIK), & they are out of my permissions range. The box is so stripped down, I find myself using busy*** for basic enums.
Well, I know one which I can use, thanks to pspy, but trying to figure out how to is my question now. Any articles would be appreciated.
I noticed a writeable dir that kinda changed everything (eliminated race condition from my train of thought).
For people stuck on the hash, either use “the tool”'s script or alternatively use hashcat. I’m sure you can make john work somehow but getting hashcat to handle the salt correctly was a lot more straightforward.
I have never seen the exploit needed for root to be triggered this way; it's not always that everyone can learn something from an easy box. My thanks to @jkr
Okay, I enumerated port 80 and found the /w****** and with wapp****r I found a particular C** ma** Sim**, but how can I exploit this? Please PM me and help, I've been stuck for a day banging my head against the wall.
I guess I am getting good at solving boxes. Keeping things organized helps a lot. Thanks @jkr for your efforts to build the machine.
For user: find the application type/technology, search for exploits on Google.
For root: use some tools to snoop on processes and observe file-system changes.
Of course I know that these things I said are very simple, but sometimes people forget to consider them.
Some people are having issues with cracking because what they’re getting out of a popular tool isn’t valid data despite looking like it. Make sure everything the tool gives you looks right. I don’t know if it’s caused by server load or what but if you’re struggling here just consider that as a thing that may be happening.
Can someone help with the password? Each time I run the script I have a different result. PM please.
Same issue here.
Edit & Hint: OK, it's related to connection stability. You can break down the exploit and rerun every single piece to confirm, or you can play with the time a bit. It will take longer but give better results.