HackBack

Damn, this box is tricky. Found s***** credentials, disabled functions in php.ini, and I already tried to exec commands with asp… I also found a way to set up a tunnel, but no more ideas left to exec commands. Could anyone help?

Got the idea about the relation between a*** .***. and w.*******. but I can locate the new file I create …? Any idea?

Uploaded file in go*****, however not able to find how to execute it.
Also everyone is talking about a path in js… I couldn’t find any …
Please PM me any hint.

Finally done with this box, after like a month of work. ■■■■■■■■ did it teach me a lot about Windows. Genuinely highly recommended if you want to learn Windows better and hate yourself. ■■■■

Help me find the js file and hidden folder???

Any help for foothold? I tried 6666 and it's not worth it, maybe it's a rabbit hole?

Hi guys! Working on getting through this one at the moment but just working on enum atm… Found the “Missing Command!”

Am I on the right track?

Minor/non-spoiler hints appreciated as well :slight_smile:

Been working on this for a while. Looking for a nudge on where to find the priv esc from h***** please.

Hi guys, would like some help getting started with this, totally clueless. Already bruteforced several links but nothing.

Scanned for jsp pages but nothing.

@Tchernobyl said:

> Could anyone give me a nudge? I’ve managed to get the obfuscated js but I don’t know how to make it clean

PM me; I just figured this out recently

I am getting nowhere, pls assist me just a little. Can't login on /b*****

Very realistic box, but super time consuming… I like the fact we need to enumerate thoroughly for privesc, but it's a bit too much. Overall, it was worth it!

How is anybody supposed to scan this box for open ports? It slows down like crazy. I found the high number port but I am still thinking if there are other ports to scan for.

@TsukiCTF said:

> Very realistic box, but super time consuming… I like the fact we need to enumerate thoroughly for privesc, but it's a bit too much. Overall, it was worth it!

How did you get the special port? How did you scan that port and how long did it take?

Anybody do anything useful with the Lx C*****rs?

@YanTayga said:

> @hansraj47 there is a service on 6666 that could tell you open ports

I tried to nc/telnet 6666, but let's see again.

Stuck here on 6666, I have no clue what to do next, 1 small hint here please.

Does UL**.exe exist for anybody else? Seems to be completely absent…