Wall

Can someone pm me a nudge for the root? I have spent several hours now with different enumeration scripts, tried several exploits for the kernel, nothing seems to execute. I am very demotivated since everyone says that root was so easy, but i’ve tried and tried :confused:

Found the exploit at last, really look through what is installed.

someone ping me i need help on making script for brute-force.please someone ping me

:stuck_out_tongue:

Struggling with CVE, tried to fix the script by tracing packets, it says 4** forbidden while PT request. Found the parameter with burp, tried to inject own payload vi UI, did encoding, tried different commands nothing working it says 4 forbidden. Kindly give some good hint.

For those that are having issues with the password, you can easily modify the exploit code for the vuln to bruteforce the application or easily take a few guesses. I went the first route for a challenge it was fun and helped improve the python skills. Now on to see where to go next.

I was able to login to the website, but now what? The exploit I’m using on metasploit doesn’t seem to work. Please give me a nudge :frowning:

Can someone give me a nudge on root? I’m in w**-**** and have run a bunch of enumerations, looked at permissions, but I’m going to be totally bluntly obvious here. I haven’t seen enough to know what should be jumping out at me, so I’m not even sure what I should be enumerating.

One thing that definately stands out is that I see p**-f* is run by **** but I’m not sure if it is a huge rabbit hole I’m falling in.

Nevermind!! Rooted it!!

As people say, just look at your enumeration, it is literally staring you in the face.

It was so simple :frowning:

Can someone plz pm for what to do after finding /m*******/c******
I get a login prompt because “Protected area by the admin”. but can’t get my hydra bruteforce to work.

Type your comment> @iQimpz said:

Can someone plz pm for what to do after finding /m*******/c******
I get a login prompt because “Protected area by the admin”. but can’t get my hydra bruteforce to work.

You’re probably going about it the wrong way. Look at the webapp’s API a bit more, specifically how you’d automate a login. If you need a hint PM me.

Really struggling with this CVE, tried modding the script, param modding with Burp and carrying out the steps manually, while I can see the requirement I can not seem to get anything to talk back to my machine. Can anyone give me a hint on the CVE syntax?

Been at this all day and have finally managed to get RCE. Anyone have any good resources on running commands with no whitespace?

Edit: Managed to resolve the whitespace issue, getting my ■■■ kicked trying to get shell now, not sure if its due to blocked ports or me making a ■■■■■ of things

Edit: Finally got a shell, need sleep… 2moro root

Edit: Finally rooted. Any one looking for hints/help feel free to PM me

Hey all,

Is there a way to get credentials of the c*eon page without brute-forcing it? I had tried a lot of common password without success . I did this with username an and r**t. Please help me if am wrong and a nudge will appreciated!

Type your comment> @G00dspeed said:

Rooted:

This one was an interesting ride for sure. I get the feeling this box was all about teaching the main challenge and how it’s execution works. Which is okay because I learned a lot in the process.

To those struggling - Your scanners should give you all you need to get started. You actually need to learn how to make the exploits work, and once you are in it’s just some enumeration + CVE.

PM me if you need some help.

@MrPennybag said:
Got root!

My hints:

User:
Find the /c******* login with burp and the Teacher Hint!
There you can also do basic web enum which give you something to talk to.
google the response and github will help you with the c*** command for rocking the creds
if you use exploit it will be helpful to output the response to see that ther are No No’s and then google what you can do!

Root :
Basic Enum and find what sticks out of the basic files for Priv Esc and google cause google is your friend!

Hope it will help and don’t spoil!

If help is needed you’re welcome!

Thanks to @askar for this box learned a lot

successfully get the user credentials after that can i do

Hey, im stuck from the very start could anybody help me please. Much thx in advance:)

Man the path to root jumps out but it is very lackluster at the end. The initial challenge was fun. I enjoyed modifying the exploit to use for the initial brutefore (not really needed but a good learning experience) then modifying the exploit to validate my manual commands worked. Then the final modification of updating the payload to simplify the return back in.

Delete if this is spoiler, but I was getting different results from burp and zap. After floundering with ZAP, burp got me what I needed. (No idea why they where different, if anyone knows please PM me on discord.)

EDIT : Never mind, I found out what the issue was.

nevermind, rooted.

Ok, for the love of god how did anybody figure out the creds to the m********* page? I have tried absolutely everything and nothing works. Ive tried rocking it, tried the verbs, I saw the responses but the code given tells me nothing basically. Any hints other than what has already been said would be appreciated.

Got Local shell and root shell, using GUI method

can someone please dm me how to priv esc from w**-d*** i have the shell enumerated too but got nothing except one uncracking hash