I am currently in Jail, found creds for DB and don’t know where to use them (they are not usable in G***). I changed the SQL statement in the file I found to enumerate databases and tables, but no success so far.
Rooted.
Initial was tricky, but after that getting user.txt and root.txt took me about 30 minutes - probably because I spent way too much time reading all the source code.
PM me for a hint.
I am stuck at the jail. Already got the credentials, all three of them, but I have no idea where to use them. Already tried SSH and looking through their gogs repos, but nothing worked. Can someone please give me a hint?
I thought you were really in the can cuz your avatar almost looks like a mugshot
Can anyone plz tell me why I can't seem to access the api or gog pages? They are returning as Server not found… I've edited my /etc/host/ file to reflect both name resolves but still nada, I'm at a bit of a loss. Can anyone help me on this?
I had to restart my browser after updating my hosts file.
Thanks chief, didn't even think to do that, thanks for the reminder.
This has been my favorite box so far. Love the Silicon Valley theme.
Pretty much all the hints have been given. This box is really about enumeration more than anything else and has a very logical progression. Everything you need is on Gogs. Follow the breadcrumbs, RTFM, and you should have root in no time.
This is not a hard box per se, just a lot of information and clues to gather - you just need to read EVERYTHING carefully.
Ok. I am going crazy here and might be missing something obvious.
I am running a** on b****** and see the c****-d* target. I originally thought I should tunnel from b****** to m****, but I don’t think that port is exposed.
So I managed to run S** via f**** sh***. I need a nudge now that I’m using p***** to look at m****
I found d****h user and I’m able to log in to brew. I can add the auth token header to POST data to brew db but I have no clue what to do next, how to generate RCE.
@halisha said:
I found d****h user and I’m able to log in to brew. I can add the auth token header to POST data to brew db but I have no clue what to do next, how to generate RCE.
Make sure you look through EVERYTHING. No fancy shell script required, just eyeballs.
You can get to it from the very first page you visit.
Thanks. I have escalated, I’m stuck at sending payload, managed to get ping but no way to get shell.
Can someone PM me and give me some guidance on getting shell? I tried a lot of stuff and I kinda understood how it works and what I should have done, but I'm stuck due to Linux knowledge.