Wall

@b3c0n said:

my nc is not getting anything >< darn exploit… help anyone ??

i am having the same issue

I see that some have gotten w**-d*** shell, but is the forbidden error in the c******* part of the game? In running the published exploit?

@Tohzzicklao said:

For those struggling with the correct payload to get a shell, remember bash can decode things in a certain base. Remove if it’s too much info xD

Hmmm, and that has to be carefully crafted, we don’t want a rm -rf / in there :wink:

@toka said:

for people struggling at getting initial shell, you have to modify your exploit code

  1. check this box’s name, why it says “wall”?

I rooted with a command left by someone else, can you PM me what the box name has to do with it?

As a dum dum, I'm really not getting the VERB hint. Can someone PM me some help?

@xcyp3r said:

Anyone wanna team up for this box ?

I’m down. I’m a rookie and not getting some of the hints here.

@godzkid said:

anyone who has rooted it please pm me
i am struggling to get the correct payload to get reverse shell to get command execution
help me

How did you manage to get that script to work? I'm in c***** and the script doesn't work even for a single ping.

Got root. Box is very slow on free servers.
User way is strange. Root way (easy) (www-data->root) matches one machine from the OSCP lab.
PM for hints

any hints on how to upgrade from www to root?

I popped the box. R00T baby!

This was a great box, no complaints, I learned things. Thank you!

@hiwire said:

This was a great box, no complaints, I learned things. Thank you!

some clue

I have creds for the service, but need help getting the exploit to work. I’ve tried formatting it in different ways/using different commands with no luck. Please PM for some direction.

How y’all getting creds for c*****? Trying to run hydra at it but might not have a great grasp on the syntax

@0x6a666c6a72 said:
I have creds for the service, but need help getting the exploit to work. I’ve tried formatting it in different ways/using different commands with no luck. Please PM for some direction.

Same here, if anyone could point me to the right direction it would be greatly appreciated :smile:

@saminskip said:
How ya’ll getting creds for c*****? Trying to run hydra at it but might not have a great grasp on the syntax

Execute hydra -U <protocol> if you want to get a quick understanding of the syntax. It includes some examples that could inspire you.

I suppose I’m weak on the final “Login Failed” portion etc. How best to work out the syntax to let hydra know it has a failed login?

Rooted the box.

What worked for me:

  • Using the API for brute-forcing the password. If you know anything about web apps vs. REST APIs you know why.
  • Using the API for exploiting the vulnerability. I couldn’t get the payload to work using the known exploit. After some frustration, I wrote my own script that took my remote command as an input, and allowed me to execute the exploit using the API. Worked right away! After completing the box I think I know why the REST API was a better path.
  • I went wd → root. Basic enumeration showed something that could easily be exploited for priv esc.

DM if you need a nudge.

After reading the forum and a message, I also wrote a brute-forcer in bash with the API for fun, but from the exploit, you can also do the same in Python.

this challenge is the pits

I recently noticed that I hate hacking.
I'm pretty sure it’s just become a self-harm ritual at this point.

i do not understand the low rating, i had lots of fun with this box, pretty fast done everything taken into consideration.

:slight_smile: thanks @askar