Player

Thanks @chivato glad that you had fun.

the first vulnerability / exploit was one of my favourites I’ve seen. Enjoyed the box :smile: thanks

I Need help user :[

Found some vhosts, found the “hints” to what is wrong with the site(s), found some names in an answer to a url request, found source of the countdown (client side), found a login. And stuck, next step unknown :smile:

I’ve found the hash for the IDE through another vuln. Do I need to crack/bruteforce this hash to login? I’ve tried rockyou, but that didn’t work.

Type your comment> @12thRockyou said:

the first vulnerability / exploit was one of my favourites I’ve seen. Enjoyed the box :smile: thanks

Yes, I know which one you are talking about, the exploit that stood out was very fun, but like I said, I still think the initial foothold was a bit of a stretch :slight_smile:

Type your comment> @12thRockyou said:

the first vulnerability / exploit was one of my favourites I’ve seen. Enjoyed the box :smile: thanks

Welcome.

What kind of magic is that :open_mouth: ? Amazed.

Type your comment> @davidlightman said:

What kind of magic is that :open_mouth: ? Amazed.

Magik

Rooted, after a good time, thanks for the box she is great ! :smiley:

Type your comment> @Seepckoa said:

Rooted, after a good time, thanks for the box she is great ! :smiley:

@Seepckoa said:
Rooted, after a good time, thanks for the box she is great ! :smiley:
Welcome <3

@halfluke said:

Found some vhosts, found the “hints” to what is wrong with the site(s), found some names in an answer to a url request, found source of the countdown (client side), found a login. And stuck, next step unknown :smile:

I’m at the same step.

I’ve enumerated a bit and know what app is running on one of the su***** and a RCE exploit for it, but still no creds for that login. I’m wondering if limited brute forcing for that login page is necessary, i’ve got a few users to try from other services. :smiley:

Brrr

Very nice box @MrR3boot, I enjoyed it a lot.

Type your comment> @snowscan said:

Very nice box @MrR3boot, I enjoyed it a lot.

Awesome. Thanks for the feedback @snowscan.

rooted … very good box. I enjoyed a lot and learned a lot

Type your comment> @gokuKaioKen said:

rooted … very good box. I enjoyed a lot and learned a lot

:smile:

Hii! Nice machine! I´ve found a code… but i dont know what to do with it. I m also looking an image…not sure about if it means smthing.

Any hint? :blush:

Spoiler Removed

This is probably one of my favorite active machines so far :slight_smile: The root was amazing.

Thanks @MrR3boot !