Writeup

Hello, I’ve been stuck with the w****** page for so long, checked if there is lfi in p***. found what’s running without wappalyzer, the probleme is I do not know the version, so I do not know what exploit to use. any hint will be appreciated as I am sure I am in the right path.

Edit: found the exploit and did the rest, gonna look for the user flag now.
thanks for the hint deviate, sm0n6

My hint would be it’s a fresh new box. peoplz hinted the exploit on how it’s user friendly… for the cracking you’ll be able to do it if you got the creds at the first place (did you even read the exploit …)

A lot of the exploits require you to be logged in. Unless you can log in, you can probably rule those out for now.

Type your comment> @MRwatch0xff said:

Hello, I’ve been stuck with the w****** page for so long, checked if there is lfi in p***. found what’s running without wappalyzer, the probleme is I do not know the version, so I do not know what exploit to use. any hint will be appreciated as I am sure I am in the right path.

If you found it without wappalyzer then maybe if look closer you can rule out certain CVEs

Finally got root, PM if you need a nudge.

Very nice box, very realistic and i think it could also fit on the pwk labs for OSCP. Congratulations @jkr .

Finally rooted. Very nice box. Thanks for the nudges. Learned something new with this one.

Good work @jkr . PM if you need help

i run the script and keep getting a proxy error from localhost…now i’m just confused…any hints?

Very nice box @jkr .

Root is tricky to find if others are not on the box IMO. Use the tool already mentioned to monitor processes, but generate traffic to the box while this is running using the VERY last step needed to get user. Observe the process, and consider how to leverage.

Interesting root… I will remember to keep my eyes open and not just stare at the shiny objects in the future.

wth … i keep getting a error on the exploit … SyntaxError: Missing parentheses in call to ‘print’. Did you mean print(“[+] Specify an *** target”)?

please, let me know if there is any script or command which can be used to see which dir are user writeable, I am using find command but it is not giving me much.

Type your comment> @mrajput7 said:

please, let me know if there is any script or command which can be used to see which dir are user writeable, I am using find command but it is not giving me much.

find / -type d -writable 2> /dev/null

Type your comment> @thecisco said:

wth … i keep getting a error on the exploit … SyntaxError: Missing parentheses in call to ‘print’. Did you mean print(“[+] Specify an *** target”)?

You’re trying to run a Python 2 script with Python 3.

No matter where I adjust T**E on the script either when executing the script or in the scripts source, it still just wants to zoom its way through and hit me with the ddos protection… Im either noobing this right now or its executing wrong. Any suggestions on possibly how to fix it or set the delay?

Any idea how to crack the hash, using the default script it is taking ■■■■ lot of time and every time I am running the exploit it is giving me a new hash and salt each time.

I’ve been getting the same result after running the script against /wp/ with the ck option, but the creds don’t work on /w**p/a****. I’ve slowed the time element of the script. Any nudges?

edit: got user. Sometimes when a service seems beat it’s good to move on to another one.
edit: got root. That was a fun one. Thanks for the box @jkr

rooted.
thats better

Type your comment> @fatty said:

Type your comment> @mrajput7 said:

 please, let me know if there is any script or command which can be used to see which dir are user writeable, I am using find command but it is not giving me much.

find / -type d -writable 2> /dev/null

Thanks.

@fatty said:

find / -type d -writable 2> /dev/null

For finding writable directories (as well as finding a ton of other stuff) LinEnum (https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh) and/or lse (https://github.com/diego-treitos/linux-smart-enumeration/blob/master/lse.sh) will work as well.

Type your comment> @jkr said:

@fatty said:

find / -type d -writable 2> /dev/null

For finding writable directories (as well as finding a ton of other stuff) LinEnum (https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh) and/or lse (https://github.com/diego-treitos/linux-smart-enumeration/blob/master/lse.sh) will work as well.

okay sir thanks very much