Stuck with the creds on the API, any nudges?
I believe both uname and pw are the top 1 on the wordlist…
@0byte, silly me, got it thanks!
Don’t really do the forums, but finally rooted this and would like to say thanks to @thek
Really enjoyable, and the user part was a great example of how you can gain a practical understanding of some theory. Root was frustrating but RTFM-able. Really enjoyed it.
Argh, having a hard time cracking the s** key for b***, please someone PM for some nudges.
EDIT: Nvmd, got it, thanks to @Rolesa, missed an important enumeration.
edit: probably spoiler
the machine behaves differently compared with this morning, after issuing a reset it should be in the exact same state, but it is not
edit: probably spoiler
About 1,5h after resetting the machine, the machine allows me to execute the uploaded reverse shell… looks like I missed part of the URL (shell.php?numeric)
edit: got it
Can anybody give me a hint, because I am stuck on enumeration and I can’t find anything people talk about here. Only found api (but no creds), b****hp and in
EDIT: got user, but I can’t find a way to get a second user. I also found .c*t file, but I don’t know how it can help me. Can anybody give me some hints?
Stuck at a point where I am able to s** as b*** and log in to the b* app with the creds I found.
The next step is most likely to get a reverse shell through the app, but not sure how to proceed with it. Nudges are highly valued!
Edit: Moved a step forward, thanks @aho!
oh man finally rooted, PM for nuggets
Finally I got my root shell.
Nice box, user part was pretty straightforward.
Root part is so cool.
Allelujah, rooted. After a reset, someone has deleted the root flag, I’ve searched everywhere… -_-’
Rooted, my first hard box was really fun. Thanks to everyone who helped me! @Rolesa @gorg @aho.
Please, PLEASE don’t delete flags next time, I’ve lost 1 whole day enumerating beyond the intended.
PM for nudges.
I got root.txt but not rooted yet!
Maybe tomorrow
I wasn’t familiar with r****c but it seems like a really good tool.
Need nudge towards root - have access as bt user. Found some interesting files in the folder where the bt app is hosted and a ct file belonging to w**-d** user (couldn’t extract due to invalid format). I see that r***c may be the exploitation path but don’t know how to piece all this together. DM please for nudges.
So, rooted finally. My first hard box, what a journey! Had fun with this one. Thank you @thek
I’m not gonna write any tips this time - plenty of help already in this thread. Probably even too much. Nevertheless PM me for nudges if stuck.
Is anyone else having a problem when logging in to the web app - the credentials are right, but it shows an “Uncaught Exception”, and cannot continue from there?
EDIT: Never mind, changed the browser, had some issue with cookies.