Wall

Rooted!

Feel free to pm me if you need help at something :slight_smile:

Rooted and User, PM for Hints

Seems like I might just have to skip this box for now, don’t know much about Python so can’t really edit/fix the exploit. Still a fun box to attempt.

Type your comment> @JuicyyCandy said:

Seems like I might just have to skip this box for now, don’t know much about Python so can’t really edit/fix the exploit. Still a fun box to attempt.

Although programming in Python is an important skill for a hacker, it is not necessary to jump this Wall.

easy box for root
but hard for gussing

root@Wall:/tmp# id
id
uid=0(root) gid=0(root) groups=0(root),33(www-data),6000(centreon)
root@Wall:/tmp#

Type your comment> @vu1ns0c said:

root@Wall:/#

Perfect Box for me.

Foothold:
Why enumerate with dirb?
'Enumerate the creator :wink:
No need for bruteforce the credientals are basic af.

Tip : teacher hints were not helpful for me at all

User : If the exploit doesnt work… maybe try triggering the servicr directly without any exploit…

Root : Crack the ‘screen’ already.

As always if spoiled too much remove this :slight_smile:

Feel free to pm.

Thanks to @rholas for the hints

thank you, i was stuck for hours. looked at it before but didnt search for exploits. omfg it feels so much better now :smiley:

Rooted! Thank you IppSec :smiley:

Hello, i’m having trouble with the AP*, already read the docummentation and ask with the correct “VERB” but no matter which credentials i use the responde from the AP* is always the same “Ba* Pa********” anyone can give me a little help about this?

I’ve been able to get past the /m********* page.
The /c******* page is giving me a hard time. I’ve tried using h**** but it’s only given false positives.

Can anyone help? I’m a n00b

Just rooted now, finally!

Overall this is a great machine and makes you really think about how to get around things.

At times I thought that the exploits were not working but persistence pays off in the end.

Hints:

Initial foothold:

Enumerate
Look at the responses then think of other ways to interact with the pages.

Once you find something to use, think about defaults then think simple things people use.

User:

Once you have logged in, find the CVE and modify it to get past the wall and bring a connection back.

Root:

This was the easiest bit, once you exploit this you will have both user and root flags.

Overall hats off to the creator great box for learning.

Rooted! Feel free to contact me for hints :slight_smile:

Hello i managed to bruteforce it with hydra. But i wan to reply that with burp suite, however i cant, it gave me a 403 forbidden error, even with the right credentials and with the SAME petition that my PC does to the server with hydra. Any help?

Type your comment> @YoSeLoUnd3r said:

Hello i managed to bruteforce it with hydra. But i wan to reply that with burp suite, however i cant, it gave me a 403 forbidden error, even with the right credentials and with the SAME petition that my PC does to the server with hydra. Any help?

Never mind. Found the error, what a funny machine :smiley:

i’m failing to find the c*****. I dint understand where to find it. Need help please in finding the login page

After almost one week of trial and error i was able to bypass the waf, jesus… the most interesting is that the payload works on the script, but it doesn’t directly on the webpage :S

Hey, I came across to some comments about the results of dirbuster, whereas some were able to get more results than others. I downloaded Dirbuster from sourceforge, the zip contains 2 executable, namely the .sh and the .jar. My .jar finds less than the .sh even using the same settings.
Just wanted to leave this comment here. :slight_smile:

Type your comment> @Nt3c said:

After almost one week of trial and error i was able to bypass the waf, jesus… the most interesting is that the payload works on the script, but it doesn’t directly on the webpage :S

Without spoiler, any tips on how to by pass this f***ing WAF? I’m on it since 10 days…

I got the creds to c****** and I also found the exploit script , but it doesn’t seem to work.
any nudges please ?

Type your comment> @kalagan76 said:

Type your comment> @Nt3c said:

After almost one week of trial and error i was able to bypass the waf, jesus… the most interesting is that the payload works on the script, but it doesn’t directly on the webpage :S

Without spoiler, any tips on how to by pass this f***ing WAF? I’m on it since 10 days…

You need to understand the exploit (read the original article) , and you should modify it to evade WAF. After some attempts you will notice which characters and strings you should substitute to avoid 403 responses. Use proper substitutions.

Rooted. A very fun box minus the brute-forcing.
Thanks @donkeysnore for the help on creds respect++;
Thanks @askar for the box, learned a lot.
Nudges service is open on my PM port, feel free to NC in :wink: