Wall

Does anyone have websites/resources explaining why the “VERB” hint works? Seems like a purely CTF trick, but curious if this is really a common vulnerability in the wild, and also why it works.

Type your comment> @reedsee said:

Does anyone have websites/resources explaining why the “VERB” hint works? Seems like a purely CTF trick, but curious if this is really a common vulnerability in the wild, and also why it works.

It is an artificial configuration option and I think there is no System Administrator on the Earth who chooses it.

Finally I managed to get a shell. Any hint to get from w**-**** to s****y ?
edit
rooted :slight_smile:

Can someone PM me a hint? i have discovered the m…php a…php and p…php page but i don’t know how can i bypass or login in m…

Help in c********* cardinals
Found it but I don’t know it relation between it and the ctf
Thanks @LoRKa
Now am in editing cve exploit to get shell

Type your comment> @Meise said:

Can someone PM me a hint? i have discovered the m…php a…php and p…php page but i don’t know how can i bypass or login in m…

I’ve decrypted the b4 hash and I get some credentials, but I don’t know how to pass it in m*****

edit: I think those are wrong credentials… you all say that there is a page named c***…

edit2: done, I have the login page. I was so dumb.

ok have php shell but the s…h is not working shuts down after fist line
it is the right version but keeps failing
i am in a rwx dir. please advice

Type your comment> @argot said:

Type your comment> @n4sa said:

Completely stuck here with just a*.php, p****.php, m*********, s*****-******.

@argot can you give us another hint? lol

So, I figure there are two ways to get this. “Very good OSINT skills” or VERBS.

English teachers can be very good at monitoring their class. Often times, if you use the wrong verb, they wont let you go. If you use different VERBS, maybe they’ll let you go or at the very least they’ll be more talkative.

There are lots of verbs in the dictionary, but really you only need to know, like, six of them. Especially when trying to get a foothold.

thanks for the tip!

So while trying to get user (trying to add p****** or h*******), I am getting a lot of Forbidden (on m*****.g******.p*****). Is this meant to happen?! I’d appreciate some guidance!

Type your comment> @0X44696F21 said:

So while trying to get user (trying to add p****** or h*******), I am getting a lot of Forbidden (on m*****.g******.p*****). Is this meant to happen?! I’d appreciate some guidance!

I’m in the same situation, trying to find a way around

can some one hint regarding rooting this wall . I’ve treid screen local previleged but fail. PM for a hint

now the script is not working. just dies. what’s going on guys?
for 3 day no problems getting first shell now even after reset nothing???
same script same all. And yes i have changed my ip in the script.
did it a couple of time already. grrrr

Never mind got a shell thanks to the web apps working now on privesc :slight_smile:

Rooted !

User was hard for me (I succeeded with and without the exploit but it was haaard)
PM me if you’re stuck I’ll be happy to help you.

Root is so easy it takes 5 min max.

Alright, rooted ! this is my first box :smiley:

To get the right page’

  1. The common thing that did by the teacher for their student during exam. A right script to enumerate the page will help you.

The user’

  1. this is easy’ this is very common actually you don’t need to brute force it. but if you experience difficulty there’s a right wordlists.

The shell’

  1. CVE > but it will not work easily you need to modify it to get the shell

Privilege Escalation’

  1. CVE > Remember ippsec’s website will give you help, just do a good enumeration after you get in to the shell, if you found an interesting thing based on your enumeration just use it to search term.

Thanks to @Kaligero and @GetGetGetGet

Type your comment> @anguzmar said:

Man that was painful, took me ages to get the first shell to work, and then the machine was crashing every few minutes so I had to redo the process over and over again.

After getting shell, the exploit to get root wasn’t working either and was throwing a very obscure error. Turns out the issue has to do with leftovers from windows.

A few pointers:

  • Forget the CSRF token, use the API.
  • First CVE: Print the result of your requests. If you get 403, there is a reason for it.
  • Second CVE (privesc): Basic enumeration, it stands out pretty quick. If you use vim set ff=unix.

Noobs question, but…when using Burp, i can see which page gives us a “403”. But how do you ask the pyhon script to print the result of each command on screen?

Finally after a long working , rooted the box .

Thanks to you guys :
@jrgdiaz
@r0xas
@stoffern
@beorn

Regards

heey everyone i am completely new at this and i dont have a cleu how to start. i know you have to start with a scan and i used nmap and dirbuster but somhow i get nothing from it. can someone PM mee to get me started how to get started.

@danKawan said:
Alright, rooted ! this is my first box :smiley:

To get the right page’

  1. The common thing that did by the teacher for their student during exam. A right script to enumerate the page will help you.

The user’

  1. this is easy’ this is very common actually you don’t need to brute force it. but if you experience difficulty there’s a right wordlists.

The shell’

  1. CVE > but it will not work easily you need to modify it to get the shell

Privilege Escalation’

  1. CVE > Remember ippsec’s website will give you help, just do a good enumeration after you get in to the shell, if you found an interesting thing based on your enumeration just use it to search term.

Well I’m done with box but I would like to know how did you get usr/cred using api method . PM .

Hi Guys, someone could help me. I had a match for the creds but it no longer working so I think I’m on the wrong way. I will explain in PM my process and where I am to not give to more information :slight_smile: Thx!