It sounds like most folks are just bruteforcing m*. would default kali wordlist work ??
i got the a*.*** and p****.*** and /m*******
and am stuck now . how can i find credsto login ?
any help
Rooted, the root is so simple. Thanks to the creator of the box !
I don’t think root was intended as it is right now. Initial shell got straight to root with literally the first hit on google
Type your comment> @rowra said:
I don’t think root was intended as it is right now. Initial shell got straight to root with literally the first hit on google
This is not normal, a person had to change the configurations…
Type your comment> @godzkid said:
I found m******* , a*.php
Can’t find p******.php .
Give hint.
The hint with the teacher and verbs is in reference to one of these pages. @terabitez helps too when clarifying that hint.
what do you think about b…p ? or just a rabbit
give hint,
in c********
no login
Looking for a hint on logging into c*******…
Type your comment> @Cybeernoob said:
Looking for a hint on logging into c*******…
Brute force with a popular list, there is a snakey script related to the software version that can help you deal with csrf tokens.
Type your comment> @Cybeernoob said:
Looking for a hint on logging into c*******…
@godzkid said:
give hint,
in c********
no login
The a** maybe useful for brute force.
Type your comment> @terabitez said:
Thanks @argot. Your teacher reference helped me not feel insane after many variations of directory scanning failed. @Nihlander writing a script and “guessing” aren’t really the same things. I found the default creds on the developers websites, but no dice. Throwing hydra at it currently since my logically targeted guesses aren’t working.
A little nudge on thought process of where other potential passwords might be found would be helpful.
Having fun with you guys though so far
Indeed, writing a script to bruteforce the creds and guessing aren’t the same thing. The credentials are so basic that can be guessed though.
I found a login (the m********* one) . found 2 php files with just plain text as output .
found a directory which need authentication. Need to logged in any help please
Rooted a few hours ago.
Respect for the maker of the CVE but I felt like he just made that machine to do
a publicity stunt for himself.
Hints:
- Think simple you dont have to “GET” what you need as soon as you enumerate all of the pages
- API is never worthless
3.CVE x2
@NiC95 Check @argot’s hint earlier in the thread.
Choose your words carefully when making a request.
I am in urgent need to root this box (means i have less time )
i have found c**** exploit py but it is not working but it is also suppose to work
please pm me with this i need hint
as far as I can tell, the credentials provided on the developers webpage, don’t work
reading this discussion it is said that they are really simple
hmmm
Type your comment> @gorg said:
as far as I can tell, the credentials provided on the developers webpage, don’t work
reading this discussion it is said that they are really simple
hmmm
i am inside c****
just exploit not working
In this box both exploits did not work for me. But after repairing they work well.
So consider that as a part of the game and happy rooting
Please PM me if you have a useful hint. Got all the pages, yes I got the ‘doc redirected’ as well. This box is irrational, comments above prove it. Yes Teacher/yes GET# etc, still can’t get a foothold. :@