rooted, If someone needs a nudge, pm with what you did and where you stuck exactly
Wow, I really like this box! Even though I needed nudges as I was overseeing the obvious things and began overcomplicating things and then followed the rabbit… ?
Wondering if v***t is a r-hole
Are the links supposed to resolve? I’m not getting anywhere on my foothold, here.
Edited to remove spoiler
Spoiler Removed
any nudge (apart from the Python one;)) will be appreciated.
are you guys using any tool for the initial foothold?
When i try to enumerate the tables i run command “show tables” but there is only one table “brew”
Type your comment> @conan said:
When i try to enumerate the tables i run command “show tables” but there is only one table “brew”
I saw another one too u***
@igaralf said:
are you guys using any tool for the initial foothold?
Just the source code for the vhosts and manual explore the present and the past
and finally…
Last login: Mon Jul 22 07:53:36 2019 from 10.10.10.110
root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)
Type your comment> @conan said:
When i try to enumerate the tables i run command “show tables” but there is only one table “brew”
Read through the lines. How is it fetching the rows, can you make this differently?
Edit: Should save my advice for when I’ve actually finished it, sorry!
Type your comment> @tbbt said:
Type your comment> @conan said:
When i try to enumerate the tables i run command “show tables” but there is only one table “brew”
I think that’s a rabbit hole, but take my words with a grain of salt as I haven’t finished this box yet.
its definitely not a rabbit hole
Box was very interesting
Really nice box @rotarydrone - and for once, I didn’t have to ask @Leonishan for help - (although @Leonishan 's forum post ended up helping anyway). Good illustration of vulnerabilities that you see posts on Stack overflow warning about but are still likely to be ignored.
I am able to execute commands, but need a little nudge to move on. Anyone willing to help me, please PM me, don’t wanna spam everyone
/e: Alright, got user. Now onto root…
/e²: Got it.
this was an amaaazing machine, i OVERCOMPLICATED things immensely with socat reverse proxies and whatnot, because i couldn’t get good data from the server. I got o the point where i found several internal hosts which weren’t supposed to be accessed going the intended way.
Type your comment> @Ketil said:
this was an amaaazing machine, i OVERCOMPLICATED things immensely with socat reverse proxies and whatnot, because i couldn’t get good data from the server. I got o the point where i found several internal hosts which weren’t supposed to be accessed going the intended way.
I am looking at reverse proxies right now… is that not how to proceed?
Very Fucking Funny box!!!
My hints:
user: enumerate in pages with sources. then try to read a about some vulnerabilities with the lenguaje programming. then, You don’t need scape from nothing even use al sources. After that, start again from the beginning.
Root: put an in the files on home. Read documentation about it.
Thanks for this box!