Don’t really do the forums, but finally rooted this and would like to say thanks to @thek
Really enjoyable, and the user part was a great example of how you can gain a practical understanding of some theory. Root was frustrating but RTFM-able. Really enjoyed it.
About 1,5h after resetting the machine, the machine allows me to execute the uploaded reverse shell… looks like I missed part of the URL (shell.php?numeric)
Can anybody give me a hint, because I'm stuck on enumeration and I can’t find anything people talk about here. Only found api (but no creds), b****hp and in
EDIT: got user, but I can’t find a way to get a second user. I also found a .c*t file, but I don’t know how it can help me. Can anybody give me some hints?
Rooted, my first hard box was really fun. Thanks to everyone who helped me! @Rolesa @gorg @aho.
Please, PLEASE don’t delete flags next time, I’ve lost 1 whole day enumerating beyond the intended.
Need a nudge towards root - have access as bt user. Found some interesting files in the folder where the bt app is hosted and a ct file belonging to w**-d** user (couldn't extract due to invalid format). I see that r***c may be the exploitation path but don't know how to piece all this together. DM please for nudges.
Is anyone else having a problem when logging in to the web app - the credentials are right, but it shows an “Uncaught Exception”, and cannot continue from there?
EDIT: Never mind, changed the browser, had some issue with cookies.
I’m really stuck on priv-esc, I’m on the webapp dashboard and I’ve tried everything I can to get revshell/codeexec… but I’m still there. Someone who can help me? D:
So, I’ve got the user b**t but have no idea where to look for root. I’ve found a hash from .versin file and its salt from the same directory. I’ve also got a login form in /bot. How should I proceed?