Writeup

@PanamaEd117 said:
Found an exploit, but just hangs my kali box. Gonna move on to an easier box. This is one is way over my head. I will wait for it to retire, and read the write up…

You can do it… Don’t wait. Just try a little bit more… YOU CAN DO IT… ?

Hi everyone,
I’m very stuck on user…

Been reading the posts here and trying to figure out the hints…

I found the authentication page in /wru/a*n
And thought, ok this I could logon to using metasploit (as in locating the creds)
But no success (I used the common wordlists with kali)

I also found the exploit for the certain app being used for the site (well it looks like the exploit that everyone is referring to) but looking at the code it seems I need to get some more info from the site to add to the code.
That info I think is part of getting access to the site mentioned at the start of my comment.

So any hint/nudge for me to get user?
Am I on the right track?

I’ve been staring at the p**y for a long time now, but I can’t for the life of me figure out what to look for.

Would somebody be so kind to send me a little nudge?

Type your comment> @Vex20k said:

I’ve been staring at the p**y for a long time now, but I can’t for the life of me figure out what to look for.

Would somebody be so kind to send me a little nudge?

Read all the comments here that give nudges for root. More would be spoilers.

Type your comment> @dt31t0vv said:

Type your comment> @Vex20k said:

 I've been staring at the p**y for a long time now, but I can't for the life of me figure out what to look for.

  Would somebody be so kind to send me a little nudge?

Read all the comments here that give nudges for root. More would be spoilers.

Agreed 100% here.

Hmm, alright. I’ll have another good look at it then.

Thanks @jkr !
Fun machine! Can’t believe I have been staring at that process for so long and after several hours I just realized what I’m looking at :slight_smile:

Type your comment> @acidbat said:

Hi everyone,
I’m very stuck on user…

Been reading the posts here and trying to figure out the hints…

I found the authentication page in /wru/a*n
And thought, ok this I could logon to using metasploit (as in locating the creds)
But no success (I used the common wordlists with kali)

I also found the exploit for the certain app being used for the site (well it looks like the exploit that everyone is referring to) but looking at the code it seems I need to get some more info from the site to add to the code.
That info I think is part of getting access to the site mentioned at the start of my comment.

So any hint/nudge for me to get user?
Am I on the right track?

DId you run the script without any arguments?? what it says??

@emmycat said:

@dividebyzer0 said:

Ubj nobhg lbh chg va gur rssbeg naq QB VG LBHEFRYS lbh ynml cvrpr bs fuvg?

Best comment ever :3
I needed a laugh today, thank you.

Best comment is when we get some direction pointer for researches.
But that comment Instead of the light hint gave us the final answer.

Hi. I have the /w*****/a***** popUp. I have an email address and another blocks name as creds. I notice an MD% in bold in the source on one page. Im in need of a nudge to get some creds I can use. Please can you help? Thanks :slight_smile:

Love this BTW! - " Ubj nobhg lbh chg va gur rssbeg naq QB VG LBHEFRYS lbh ynml cvrpr bs fuvg "

Great machine! Thanks @jkr !

User: CVE, needs some enumeration and a bit trial and error. Exploit works out of the box and is fun to watch. Very cyber :-p

Root: Tricky way to get it, learned a lot doing it!

I owned it

Thanks for everyone helped me <3

Some Tips :

1- Forget brute-force
2- you don’t need hashcat or john

for USER :

it’s very easy and very TIMEd

for ROOT :

analyze pspy , maybe logout and login will be useful

Finally : Feel free to PM for any help :smile:

Cool box. rooted.

Type your comment> @1uffyD9 said:

Type your comment> @acidbat said:

Hi everyone,
I’m very stuck on user…

Been reading the posts here and trying to figure out the hints…

I found the authentication page in /wru/a*n
And thought, ok this I could logon to using metasploit (as in locating the creds)
But no success (I used the common wordlists with kali)

I also found the exploit for the certain app being used for the site (well it looks like the exploit that everyone is referring to) but looking at the code it seems I need to get some more info from the site to add to the code.
That info I think is part of getting access to the site mentioned at the start of my comment.

So any hint/nudge for me to get user?
Am I on the right track?

DId you run the script without any arguments?? what it says??

Was actually the wrong exploit.
Think I got the correct one now, and now I get the TIMED hints. ?

Back to trial and errors :slight_smile:

Type your comment> @acidbat said:

Type your comment> @1uffyD9 said:

Type your comment> @acidbat said:

Hi everyone,
I’m very stuck on user…

Been reading the posts here and trying to figure out the hints…

I found the authentication page in /wru/a*n
And thought, ok this I could logon to using metasploit (as in locating the creds)
But no success (I used the common wordlists with kali)

I also found the exploit for the certain app being used for the site (well it looks like the exploit that everyone is referring to) but looking at the code it seems I need to get some more info from the site to add to the code.
That info I think is part of getting access to the site mentioned at the start of my comment.

So any hint/nudge for me to get user?
Am I on the right track?

DId you run the script without any arguments?? what it says??

Was actually the wrong exploit.
Think I got the correct one now, and now I get the TIMED hints. ?

Back to trial and errors :slight_smile:

You’ll get that… :smiley: :smiley: um sure… keep trying … heheee :smiley:

I need help with privilege escalation. I used pspy, but a lot of users do this machine, and I try to enumerate different proc for escalation. But I am not sure what I need to find. Give me a hint in PM.

So I need some help if possible, I tried dirb and gobuster no joy, I used burpsuite found some pages but no creds or anything like people talk about. I am, lost like a LT trying to land navigation if anyone can help.

Also been stuck for a day on root privesc… I think I’m on the right track (looking at r**-p*****) but I can’t get it to work. Would love a hint/nudge on PM

Good GOD, finally I rooted this box! This was the most confusing privesc I’ve ever come across so far considering it’s an easy box. I’ve been running around in circles for 2 days. It’s still confusing even I’ve got help from others. Thanks to all the guys who helped me. :+1:

finally rooted thanks to @jfx41, @mpzz @Mryihan