Writeup

Rooted, great machine!

I have tried utilizing the SQL exploit to get the credential. But the username is always j7. It seems not to be the right user. Could anyone tell me what’s the problem? It would be appreciated if you could PM me. Thanks.

Hello can anyone help me? I think I found the dir and process I have to mess with but struggling with what to do next… help please

Great machine
Thanks @jkr

Finally, finally rooted!

USER: Enumerate, and (as many people suggested) get the wappalyzer add-on.
ROOT: Fairly straightforward, I don’t want to give anything away so you’re on your own for this path.

Feel free to PM me for any hints/questions!

I found /r******t with nmap and am now trying to exploit c service to get user. Am I on the right track?

@Cl0wnK1n9 said:

I found /r******t with nmap and am now trying to exploit c service to get user. Am I on the right track?

service?

Hi there, can anyone help me with the hash? I am running kali on a VM and so can’t run hashcat… The --cr*** option requires a wl that I can’t seem to find. Any help is appreciated!

@tbbt said:

Hi there, can anyone help me with the hash? I am running kali on a VM and so can’t run hashcat… The --cr*** option requires a wl that I can’t seem to find. Any help is appreciated!

“locate wordlists”

@Fidget said:

@tbbt said:

Hi there, can anyone help me with the hash? I am running kali on a VM and so can’t run hashcat… The --cr*** option requires a wl that I can’t seem to find. Any help is appreciated!

“locate wordlists”

Thanks, I got it this time. I tried this one before but I was just impatient, I guess.

@tbbt said:

Hi there, can anyone help me with the hash? I am running kali on a VM and so can’t run hashcat… The --cr*** option requires a wl that I can’t seem to find. Any help is appreciated!

try online crack md5

Ah, ■■■■! Some guys just reset the box! Stop it whoever’s doing that! :frowning:

Can anyone help me with root? Got everything but dunno why it isn’t working.

I had a really hard time trying to get root until I used the tool pspy (great tool!! thx)!

Thx for this VM! Learned a lot and got a new tool :slight_smile:

Guys, how did you find out the version of that technology that is running on the web server? I used w********* and nmap but I can’t make them show the version, therefore I can’t look for specific exploits.

Hi all, could anyone PM a nudge to a newbie here? I think I’m on the right path after a quick scan through the posts here but I’m also struggling with a certain “T” variable. I’ve tried every variation of value I can think of but I still get blocked. My Python knowledge needs improvement I think :frowning:

Rooted, fun and easy box :slight_smile:

Hi, I got password and st but I can’t crack it. I tried using the '–ck’ option on the script but it doesn’t seem to work. I’m pretty sure I have to crack it reading this topic, and since the passwords don’t work anywhere (ssh and /wp/a*)…
Hashcat doesn’t seem to work either: it stops, saying dictionary cache hit.
Any hint please? I feel like I’m close.

Edit: got user, the script finally cracked it :slight_smile:

User: Way easier than most other boxes and the exploit is pretty sweet. The exploit should do all the carrying for you (you shouldn’t have to use hashcat or JTR). Remember to check what you get with other services running; don’t fall victim to tunnel vision for one specific service.

Root: I tried doing it without the tool everyone has been mentioning here at first. Unfortunately, things fire off too quickly for you to capture and inspect, so you’ll need to use the tool. It’s pretty apparent what you need to do once you take a look at a few things and do basic enumeration. VIP users will need to generate traffic, so open another terminal and start an ssh session. The trick is not what to do, but how to do it. Someone recommended watching Ippsec’s lazy walk-through, which straightened up a few things for me. Hopefully this isn’t TMI.