Wall

@c1cada said:
■■■■. Why so much hate? Lol. I get @asker made a box with some annoying “walls” to climb, but in frustration comes education. When you distill this box down it exercises some pretty fundamental pentest skills. No matter your status you can never practice the fundamentals enough. So yes. This box forced you to climb some “walls” but these walls were not that major and they forced you back to basics. In that way this is a great box. I very much enjoyed the fundamental principles and practice.

He didn’t make annoying walls. He just created a self-advertisement.
Apart from the initial foothold which was interesting and definitely had a learning-experience, the later part - and I’m especially talking about rooting the box - is totally uninspired and required zero effort (both for him and the attacker).
It’s just comes down to a random exploit, that has nothing to do with the previous findings, or requires any skill besides “basic enum”. And I’m sorry to say that, but “basic enum” & browsing exploit-db is nothing that should reward you with 30 points.

Rooted! Thanks @zalpha & @toka . DM, if need a nudge.

I’m a noob, Ive found the api but can someone PM me with how to interact with it. I haven’t worked with an api before. Currently I’m just fuzzing it but essentially I need some help, or a link. Thank You

rooted.
Initial shell was a pain. got user and root with one exploit. not sure if it was the intended way.

I_Feel_Satisfied when learned the trick to bypass the wall, hope it’s not a spoiler :slight_smile:
Thanks @askar

Can someone PM me how to brute-force c******* login page?

Can I please get a hint on how to deal with m********?

I tweaked the python exploit, it saves the payload (I can see it in the UI) but I don’t get a connection back, although it works locally. Any help?

Someone could please send some hints in PM how to twinker the python script?

I need a hint for the repair of the exploit please.

Hi guys, is there someone who can tell me how I can get the credentials for C******** ?
I already used Hydra for bruteforcing, I tried bypassing, I tried the default credentials of the service.

I’m stuck here for a while.

Edit: I have found the password manually!

I hate when all of you talk about how easy the privesc is because that means I sit here and never figure it out and feel dumb.

Guys I need help please!
is that normal that when I enter the right credentials into c****** login page , it just simply shows me the access “Forbidden page”?

Hello fellow hackers!
What did everyone use to get creds for c******** ? BurpSuite takes forever, and Hydra comes back with false positives. If anyone has any resources, please pm me! Thank you!
Happy hacking!

I cracked the credentials for the c******n login page but I have no idea what to do next .
Can someone give me some hints please?

Type your comment> @c1cada said:

cracked the c**********, now python CVE not working… tested, using right ip and port , the script says it is triggering succesfully, but nothing is hitting my listener any ideas?

Same. I just keep editing, launching, checking listener to see a blinking cursor… repeat ad nauseum. Back to editing :slight_smile:

when running the exploit script unmodified under the ad*** account I get “You don’t have permission to access /c*******/main.get.*** on this server.” Same if I go in and manually try to edit the poller config. Is the correct path to modify the command in the script to bypass whatever filter they have in place that stops you from entering raw commands? Or is there another route to take to take using the A*I?

I am having trouble finding the credentials. I have tried numerous efforts by brute forcing with hydra, but it seems csrf is preventing me from doing so. Others have been able to discover the credentials without brute forcing the login and I would like to know what they are doing to find the creds manually.

Edit: I was able to brute force the creds thanks to a very useful post on the forums here.

Not sure what I’m missing here but I can’t see any c*** page. The teacher hint isn’t clicking with me either.

What is the valid form?

x.php:u…
/:u…