Arkham

Got the backup.img file, extracted stuff using bin***k, fixed the corrupt zip file, and I don’t know what I am supposed to be looking for.

Can someone explain why that “Potentially risky method” on 80 port does not work as many whitepapers tell it should work? And maybe you could send me articles about exploiting this kind of vulns?

Hi, I could use a nudge please. I got the zip → decrypted the img file → I think I found the s**rt in the tmct files. What do I do next? PM me please. I have a couple ideas but I don’t want my comment to be flagged as a spoiler. Thx.

@dontknow said:

Can someone explain why that “Potentially risky method” on 80 port does not work as many whitepapers tell it should work? And maybe you could send me articles about exploiting this kind of vulns?

That potentially risky method allows people to upload files on the server, like a reverse shell etc.

This box is definitely beyond my capabilities, but I would like to learn something from it. If anyone has been able to decrypt and mount the b*****.i**, I would like to know how you did it.

Based on the information I could get using the command line tools I couldn’t find any hashes to crack with a custom built dictionary from rockyou.txt.

Anyone that is willing to teach me a little something I would appreciate it.

@jfx41 said:

This box is definitely beyond my capabilities, but I would like to learn something from it. If anyone has been able to decrypt and mount the b*****.i**, I would like to know how you did it.

Based on the information I could get using the command line tools I couldn’t find any hashes to crack with a custom built dictionary from rockyou.txt.

Anyone that is willing to teach me a little something I would appreciate it.

Cracking not needed. You can try to research binW**k tool.

@hansraj47 said:

@dontknow said:

Can someone explain why that “Potentially risky method” on 80 port does not work as many whitepapers tell it should work? And maybe you could send me articles about exploiting this kind of vulns?

That potentially risky method allows people to upload files on the server, like a reverse shell etc.

That really looks like an answer about PUT. I wanna confirm, are you talking about TRACE or PUT?

Spoiler Removed

@dontknow said:
@hansraj47 said:

@dontknow said:

Can someone explain why that “Potentially risky method” on 80 port does not work as many whitepapers tell it should work? And maybe you could send me articles about exploiting this kind of vulns?

That potentially risky method allows people to upload files on the server, like a reverse shell etc.

That really looks like an answer about PUT. I wanna confirm, are you talking about TRACE or PUT?

About PUT.

Anybody got any nudges about bypassing restrictions and restoring the admin’s powers? I think I have the right exploit but PowerShell says no.

Awesome machine :) Root was very nice!

Anybody willing to help with decrypting the vs value? I have the key, but I keep getting “bad magic number” when using openssl to decrypt it. Please pm me. I did many different tests, but I’m failing, any hint in the right direction is appreciated.

It would also be useful if somebody could PM me answers to the following questions:

  1. is the MAC part of the value? Should I isolate it before decrypting? I tried with the whole string or to isolate the mac (with b64 extra space) needed space from the beginning and the end of the string, unsuccessfully.

  2. are the + in the value part of the b64 string? Or are they there because of url requirements? Again, I tried with the whole string, part by part, unsuccessfully.

  3. is -pass the correct switch to pass to enc? This seems to be the more appropriate, but I tried to pass my secret in different ways and it didn’t work.

  4. am I correct that my real key is the decoded secret?

I’m running out of options, at this point I feel like I’m bruteforcing the string, I only try minor changes but without seeing why it should be different from everything else I tried.

@kecebong said:

I got the zip file and was able to mount the img file and got the secr3t for my faces. I could see the faces in UserSubscribe.faces, but I am unable to decrypt it using an online web tool. Anyone kind enough to point me in the right direction? Or any link I should read?
Thanks

Got Bat shell, but can’t do anything. Tried U** bypass and found a .b*t file, but no luck on what to do. Anyone kind enough to shed some light?
Thanks

Finally.

I am able to decrypt, encrypt and sign… But none of the payloads are working… All I get is a 500 error… Tried decrypting, encrypting and signing the available V********, and that gives me 200.
Confused!!! Any help would be appreciated.

Ran B**k over the b****.g but I don’t see anything interesting. Had a squizz through the Tt files, but nothing stands out. Would appreciate if someone could shoot me a PM.

I need a nudge please. PM me please

Managed to get the string from relevant files from the img. Need some help on how to decrypt viewst and also how to encrypt using secret. Any nudges welcome!

Stuck on the way forward to admin, have two users. Nudge appreciated if someone has time. Cheers.

Cracking for the password…