Aragog

Look harder!! I haven't rooted it yet, but I think I am on the right path (at last).

ok looked harder. need some help, anyone? PM me please!!

I see a weird job running. cannot say as to not spoil. but runs /usr/sbin/XXXX and in CAPS! file does not exist how is that possible?

with -f, then the other jobs which I cannot edit

I have been at this box for days :smiley:

THIS BOX IS MINE!!! At long last :tired_face: Wow! That was a journey lol

Well,

I've read this thread and the tips a few times now; OWASP, Burp etc. I found the 2 files and when I read them I see that they are related. The thing that just escapes me is on how to combine those two for the next step. I burped every field and tried a lot but am missing a crucial step. I don't know how to use the information I have right now. I think the amount of hosts with the netmask is far lower, but then?

Any kind soul who could guide me in the right direction with a PM?

@CyberWizard said:
Well,

I've read this thread and the tips a few times now; OWASP, Burp etc. I found the 2 files and when I read them I see that they are related. The thing that just escapes me is on how to combine those two for the next step. I burped every field and tried a lot but am missing a crucial step. I don't know how to use the information I have right now. I think the amount of hosts with the netmask is far lower, but then?

Any kind soul who could guide me in the right direction with a PM?

I'm in exactly the same place as @CyberWizard, any pointers via PM without giving too much away will be much appreciated.

see if the site is hosting anything :wink:

I know a whole bunch about the box, but I'm missing the how of many. :frowning:

@spoppi said:
deanos: as already stated in this thread look at OWASP Top 10 and put both files in conjunction

PM me for additional help if you need

@stevejglover said:

@CyberWizard said:
Well,

I've read this thread and the tips a few times now; OWASP, Burp etc. I found the 2 files and when I read them I see that they are related. The thing that just escapes me is on how to combine those two for the next step. I burped every field and tried a lot but am missing a crucial step. I don't know how to use the information I have right now. I think the amount of hosts with the netmask is far lower, but then?

Any kind soul who could guide me in the right direction with a PM?

I'm in exactly the same place as @CyberWizard, any pointers via PM without giving too much away will be much appreciated.

guess many people are the same. Can you guyz give more clue about steps after finding out the ip stuff?

Man, this box is making me feel like an idiot - I feel like it shouldn't be this difficult to figure out what to do with the two files, lol

check the format of the file found somewhere else than http, then put both "together"

If anyone has any other hints on how to use these two files please feel free to PM me. I feel so stupid. LOL

I think it's the how of putting both "together" that I'm struggling with

@phoenix192 said:
I think it's the how of putting both "together" that I'm struggling with

ahahaha to be more clear, you guys mean ".txt" as the file and its format? I told it very clear because finding it is not a challenge. I guess everyone made an NMAP scan and saw it. If yes, I found two things, one of them is that TXT and they both are about "addresses in IT world". But putting both of them together didn't make any sense for me. :slight_smile:

OK, getting somewhere now. Finally have user!
All necessary clues are in the posts above. Burp came in useful for me.
Learnt something new, nice!

@stevejglover said:
OK, getting somewhere now. Finally have user!
All necessary clues are in the posts above. Burp came in useful for me.
Learnt something new, nice!

@uck084 said:

@phoenix192 said:
I think it's the how of putting both "together" that I'm struggling with

ahahaha to be more clear, you guys mean ".txt" as the file and its format? I told it very clear because finding it is not a challenge. I guess everyone made an NMAP scan and saw it. If yes, I found two things, one of them is that TXT and they both are about "addresses in IT world". But putting both of them together didn't make any sense for me. :slight_smile:

@stevejglover said:
OK, getting somewhere now. Finally have user!
All necessary clues are in the posts above. Burp came in useful for me.
Learnt something new, nice!

Now I totally agree. all clues were given guys :slight_smile:

So I got user on the box, not sure how to priv esc to root, got sql admin not sure where to go, any hints

I would also be very grateful for a hint. I suspect there are other versions of some files - and an ip that I haven't found use for yet

Congratulations to that idiot who deleted important files and dir…