Wow, what a ride. Very, very nice machine, learned a lot. Thanks @no0ne and @Adamm for the work here.
User: All you need is in the login portal. If some parameter is behaving strangely, investigate what that field is and the response given. After that there are interesting tools that will give you some extra information. The process until getting user is long but it is worth it. Thanks a lot to @NPCMaster and @farbs for helping here.
Root: This is a tricky part. I had the solution but lost a lot of time because it worked sometimes. Now I understand why.
Never been stuck on the very initial step for so long on a machine… and despite the errors I can google, no idea how to bypass the login.
I know this machine is prolly beyond my current level, but so many people say it’s awesome that I am (was) keen to give it a go anyway…
Can someone give me pointers on what to read about with regards to the initial login? I can trigger an error and have read about the API, but I’m not sure how that can be exploited.
That was superb. I learned so much from this box, and while I have always known about a lot of the vulnerabilities, I have never made the effort to test them out, until now.
Definitely need help advancing. I’m after the login screen for about a week now.
Got all the .php files, enumerated sqlite, no idea how to proceed.
Will appreciate any help.
Thank you
Edit:
Thanks to @Pilot51 for the help with getting the foot down.
This part was crazy hard for me and not because of encryption.
I literally tried tens of different ways to get inside after I already had all the information collected.
After you’re inside the encryption theme continues and gets more interesting.
It took me a couple of weeks to get the initial foothold (and I don’t mean the login screen)
and then the user and root parts were much clearer.
Thanks to the box creators @no0n3 and @Adamm, it was a real challenge and pleasure (though I have more gray hairs now).