Wall

Rooted a few hours ago.
Respect for the maker of the CVE but I felt like he just made that machine to do
a publicity stunt for himself.

Hints:

  1. Think simple you dont have to “GET” what you need as soon as you enumerate all of the pages :wink:
  2. API is never worthless
    3.CVE x2

@NiC95 Check @argot’s hint earlier in the thread.

Choose your words carefully when making a request.

I am in urgent need to root this box (means i have less time )
i have found c**** exploit py but it is not working but it is also suppose to work
please pm me with this i need hint

as far as I can tell, the credentials provided on the developers webpage, don’t work

reading this discussion it is said that they are really simple

hmmm

Type your comment> @gorg said:

as far as I can tell, the credentials provided on the developers webpage, don’t work

reading this discussion it is said that they are really simple

hmmm

i am inside c****
just exploit not working

In this box both exploits did not work for me. But after repairing they work well.
So consider that as a part of the game and happy rooting :wink:

Please PM me if you have a useful hint. Got all the pages, yes I got the ‘doc redirected’ as well. This box is irrational, comments above prove it. Yes Teacher/yes GET# etc, still can’t get a foothold. :@

Type your comment> @Thms84 said:

Please PM me if you have a useful hint. Got all the pages, yes I got the ‘doc redirected’ as well. This box is irrational, comments above prove it. Yes Teacher/yes GET# etc, still can’t get a foothold. :@

Never mind, I give up. Does not worth the time.

Well, my native language is not English, so it’s hard for me to guess which page I should access with these tips. Is there a technical way to find this page that starts with c? I mean, is it possible to find it with some Kali wordlist, for example?

What I have so far are the three already mentioned.
a*.***
p****.***
m*********

I’'ve done all kinds of requests that can be made with the protocol, and nothing.

Edit: Just to explain, the tips are language independent, I was making a typing mistake. =/

I’'ve done all kinds of requests that can be made with the protocol, and nothing.

Which ones specifically? Did you not get any extra information from them?

Type your comment> @rowra said:

I’'ve done all kinds of requests that can be made with the protocol, and nothing.

Which ones specifically? Did you not get any extra information from them?

PM you.

Edit: Thank you @rowra and @argot !

augh!! any hints on the c******* login credentials? i know it is supposed to be easy but I have gone through all the plainly obvious ones…

Type your comment> @krisd4 said:

augh!! any hints on the c******* login credentials? i know it is supposed to be easy but I have gone through all the plainly obvious ones…

Are you sure about that? If you rock the authentication, you should gain some useful information.

@godzkid said:
Type your comment> @gorg said:

as far as I can tell, the credentials provided on the developers webpage, don’t work

reading this discussion it is said that they are really simple

hmmm

i am inside c****
just exploit not working

hw did u get in ?

Type your comment> @hackerst34k said:

hey @krisd4 how did you find that c****** login pages because i tried every wordlist but i didnt find any directory starting with c*****

refer to the teacher hint…“verbs” can be an attack vector by teacher especially when u r in an English class.

am stuck on /c****** creds
i can’t find them on developers webpage as said
please any hint ?

terrible. i stuck on finding /c****** to and need help. please !

Spoiler Removed

Spoiler Removed

Type your comment> @krisd4 said:

you could describe the METHODS using only about six VERBS, if you GET what I am saying…

that’s almost spoiling :wink: