Wall

Rooted. Thanks @redshift for helping with the payload.
Thanks @greenpanda999 for explaining the API.
Thanks @amra13579 for giving me the shell inspiration.
Thanks @beorn for the final nudge on root.
Yes. It took 4 people to help me get over this box (shows how noob I am), but do PM me if you need help.

Am I the only one not following the teacher and verb hints… I have all the pages mentioned above, tried multiple HTTP methods. Used Burp to assess the auth etc.

Any hints or DMs would be greatly appreciated

Tips:

  • Initial access: Maybe by using a different method you could bypass that authentication?
  • Shell: Security is tight, and the thing you find won’t work out of the box. Do it manually to test your attack.
  • Privesc: Standard enumeration will get you what you need.

I’m really struggling with this c******* page. Cannot find it with gobuster/dirb and am not getting the verb/teacher hint. Can someone PM me pls :slight_smile:

Made it to w**-d*** and a reverse shell with the help (and not so subtle “hint”) from @harshallakare. @beorn was also a great help. Now, I guess it’s onto enumeration and privesc!

Well, I enjoyed this box and have rated accordingly. Thanks to the creator.

Is metasploit’s password.lst enough for c*****? I’m far far away from the nearest servers so bruteforcing is not so easy for me.

hi, what tools do you use to find c*****?

Rooted, great thanks to @bngrsec for the nudges :slight_smile: I must say this has been one of the most inconsistent boxes I have seen here so far :frowning:

  • guessing / bruteforcing to me is always a big letdown
  • the CVE which I thought was the point of the box (as it was found by the creator) is not even needed
  • getting root before user was very-very strange…

Rooted. What a box! It drove me mad when I tried to apply the CVE. Sending payload after payload and nothing returns. It felt like a real life scenario, where you do not know if your assumptions are correct. I learned a lot, despite the fact that most of my attempts did not succeed.

Great thanks to @bngrsec, @D8ll0 and @saikarer for the nudges.

PM me if you need a hint.

Finally rooted! Took ages to find a good payload, and a few minutes to escalate to root!

Finally rooted! Big thank you to @menessim for helping me through this one!

This was a lot of fun and some learning experiences for me!

I've gotten shell hahahah but the EU server is down :frowning:

Great box! If you get stuck, PM for hints :slight_smile:

Stop spamming the box…

Nice gotten root. PMs welcome.

Root finally. User takes a long time compared to root.

hi, can someone send me the full name of c******?
I understand that it is possible to get busted for this. I use:

crunch 8 8 cqwertyu -t c@@@@@@@ -o test6.txt

python3 ./dirsearch.py -u 'http://10.10.10.157/' -e php -w /root/Downloads/boxs/tools/dirsearch/test6.txt --random-agent

It’s just very long and permanently disabled server.

Getting the user was very hard for me (harder than root).
On free servers the box is quite unstable and sometimes you need to wait a long time to see if the thing you tried worked.

I liked this box in general, I’ve learned a lot of stuff.
Thanks to the author!

You don’t have permission to access /c…n/m.g.p on this server.
This happens whenever I try to set up any execution on the server :expressionless:
Is this correct machine behavior? Looks weird.