Rooted - nice box. I really appreciate that the box was stable and could be exploited without stumbling over spoilers from others (being on the free server, often that’s an issue). Now I know what people meant with “it’s easier than expected if you know it” (for getting user). Hint for user: Use the name of the box for an INITIAL pointer for where to take a closer look, nothing more. First, I had the right idea but wasted some time because I somehow got misled by those “look at the name of the box” posts (my fault, I know…). Root was easy, guess I did it the lazy way.
If anyone is around that I can hit up about the initial entry, let me know. I’ve found a few things I think might be useful, but I have no idea what to Google at this point to find any sort of information to learn from as everything I’ve tried didn’t appear applicable to this. I’m sort of weak on the JavaScript/JSON/API side of things and would really like to strengthen that, but it’s hard to do when you have no idea where to start.
I’m in the same boat. I know what I need to do (roughly) but based on talking to some other people, I don’t know if I have the tools to do it.
I’m trying to get user.
I have found a** / a****** and a** / t****. Is there any other endpoint, or do I have to work with the other 2? Or does it have nothing to do with that?
Found the creds too, but they seem worthless.
Thanks a lot @Cyb3rb0b for such a nice box.
Got root using both the lazy (thanks @TsukiCTF for mentioning his repo. It actually took more than 5 minutes, but who counts :)) and the slow (intended?) way.
Loved the slow way much better as it requires you to actually do something
Had fun
PM/DM for hints (although everything was already told here)
Pretty sure I know what needs to be done in terms of giving it that special kind of t***n, but I can’t find any creds to discover what that thing should look like before I make some special modifications…
So far, I’ve spent more time setting up a Windows VM just to DO THIS BOX than I have actually working on the box itself. Not sure if this is intended or not, but I spent the last 8 hours trying to figure out how to do it in Linux and it doesn’t work.
If anyone has any hints for bypassing this, PLEASE feel free to reach out. I’m on the verge of insanity and really not enjoying myself, lol.
Edit: I figured out how to do it on Linux. But Jesus Christ, that was not a fun ride. Moving forward with this knowledge now though.
Found the two endpoints as others have mentioned. Been messing around with ys****al; couldn’t get it to generate on Kali, so used my Windows box. Really not sure if this is the right way to go.
Do I mix cereal with biscuits or keep stringing along?
Got the token, tried to modify it to trigger SSTI because one of the parameters reflected on the webpage in a funny manner, got nothing out of it. People are mentioning ys******* and I don’t understand how you get to that point. What’s the link between this machine and ys*******? I see no evidence whatsoever to even think about using ys*******.