Obscurity

Spoiler Removed

@rholas pm if you need help on the second step

Someone got the shell???

when i changed my browsers proxy settings, 80 port opened but with 404 eror. Any hint?

Yeah i’m stuck afraid to admit. Any hints on initial ? I haven’t found anything particularly juicy

:slight_smile: @clubby789 , I hate you (in a good way tho… lol). Great box! :slight_smile:

well, text of 404 error on port 80 seems wierd coz its parsing whole url as a doc name, but i dont know what to do with it. any hints?

rooted, very straightforward box…

:slight_smile:

uid=0(root) gid=0(root) groups=0(root)

I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.

@idomino said:

I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.

I may have misset permissions at a particular point ;).

Type your comment> @clubby789 said:

@idomino said:

I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.

I may have misset permissions at a particular point ;).

lol I know what you mean. Not having that knowledge would have made it definitely harder :smiley:

Type your comment> @HumanFlyBzzzz said:

Yeah i’m stuck afraid to admit. Any hints on initial ? I haven’t found anything particularly juicy

same here, I only know whats on the main webpage and my gobuster scans aren’t working

Thx @s0clyst , looks interesting. I’m turning in for tonight, had one too many drinks. Don’t drink and hack kids lol

I am getting an empty response (no errors, just empty…) from the server when sending the payload to get a shell. Does anyone have a similar problem?

which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too much

Type your comment> @c00de said:

which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too much

stay simple, stay common… Once you choosed the wordlist, Burp, intruder and you will get it!

Type your comment> @phat said:

Type your comment> @c00de said:

which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too much

stay simple, stay common… Once you choosed the wordlist, Burp, intruder and you will get it!

i forgot to add the port to the url hahaha

any hints on how to restore key for user or bruteforce is the only way?

EDIT: Got user. On my way for root. Bruteforce seems to be the only way to restore a key

Rooted the box, but I’m not sure it was an expected way. Can you share how you got root with me, because it was way too easy

Hmm pretty much stuck on init foothold, found some corrupted files via source code auditing