Wall

@rowra It’s about the way you approach the pages. Start thinking about different ways to view and interact with the pages.

Fully enumerated but I am stuck on what to do next ??

And rooted. Very disappointed :confused:

Same, any hints on how to interact with .php or p**.php?

@ToneDef said:

Same, any hints on how to interact with .php or p**.php?

Don’t ¯\_(ツ)_/¯

It sounds like most folks are just bruteforcing m*. Would the default Kali wordlist work?

I got the a*.*** and p****.*** and /m*******
and am stuck now. How can I find creds to log in?
Any help?

Rooted, the root is so simple. Thanks to the creator of the box ! :smiley:

I don’t think root was intended as it is right now. Initial shell got straight to root with literally the first hit on google

@rowra said:

I don’t think root was intended as it is right now. Initial shell got straight to root with literally the first hit on google

This is not normal; a person had to change the configurations…

@godzkid said:

I found m*******, a*.php
Can’t find p******.php.
Give hint.

The hint with the teacher and verbs is in reference to one of these pages. @terabitez helps too when clarifying that hint.

What do you think about b…p? Or just a rabbit?

Give hint,
in c********
no login

Looking for a hint on logging into c*******…

@Cybeernoob said:

Looking for a hint on logging into c*******…

Brute force with a popular list, there is a snakey script related to the software version that can help you deal with csrf tokens.

@Cybeernoob said:

Looking for a hint on logging into c*******…

@godzkid said:
Give hint,
in c********
no login

The a** maybe useful for brute force. :wink:

@terabitez said:

Thanks @argot. Your teacher reference helped me not feel insane after many variations of directory scanning failed. @Nihlander, writing a script and “guessing” aren’t really the same thing. I found the default creds on the developer’s website, but no dice. Throwing hydra at it currently since my logically targeted guesses aren’t working.

A little nudge on thought process of where other potential passwords might be found would be helpful.

Having fun with you guys though so far :slight_smile:

Indeed, writing a script to bruteforce the creds and guessing aren’t the same thing. The credentials are so basic that they can be guessed, though.

I found a login (the m********* one). Found 2 PHP files with just plain text as output.
Found a directory which needs authentication. Need to log in; any help please?

Rooted a few hours ago.
Respect for the maker of the CVE, but I felt like he just made that machine to do a publicity stunt for himself.

Hints:

  1. Think simple, you don’t have to “GET” what you need as soon as you enumerate all of the pages :wink:
  2. API is never worthless
  3. CVE x2