Having trouble with the initial fuzz. Using typical approaches that have worked on other machines and returning nothing. I’ve seen the hint about the 404 message, but not sure how to use it. Any nudge would be much appreciated. Thanks.
My experience with this box was interesting. This is probably the first CTF-Like box I had done, so it was definitely an experience for me.
Foothold: Not really much to say, forgetting a few basics along the way, but fairly straightforward.
User: Dealing with a corrupt file made my life a little harder than it probably should have been, but I managed to manually do what I needed by understanding the logic and do some open sourcing along the way.
Root: Um, not really much to say, was a little disappointed, but still fun.
Overall, not super difficult for a beginner like me. Learnt one or two things along the way, but nonetheless it was a fun intro box to CTF-Like ones.
Thanks to @Hilbert for putting up with my ramblings and @bertalting for helping me fix my initial foothold issue.
Rooted. My experience:
Foothold: Need a little bit of clever wfuzz. Just look at the 404 error its giving if you need hint…
User: The hardest one in this machine. I spend a whole day for it… You will need programming and math skills for decrypting it.
Root: Really easy once you do the user. Remember, if you cannot do a thing quickly, that’s why scripts were invented…
Feel free to PM me for hints. But I won’t be available for whole day. So be patient if I don’t reply…
have got an obscura page… now what should i do i cant find anything
Struggling with finding the directory…
Tried a lot of fuzzing tools including the praised ffuf without any luck
Need a bit of help,let me know if I can pm for nudge
Got root
Thanks @clubby789 for the box, so much fun!
Also learn some new things
still trying to find directory, can you give me a nudge please?
@lesleybw said:
Struggling with finding the directory…
Tried a lot of fuzzing tools including the praised ffuf without any luck
Need a bit of help,let me know if I can pm for nudge
it’s really easy guys. Probably you are rushing with wordlists and not thinking clear. Step back a second a think about the syntax. You have the child and want to fuzz the parent…
Got root
Thanks @clubby789 for the box, so much fun!
Also learn some new things
still trying to find directory, can you give me a nudge please?
@lesleybw said:
Struggling with finding the directory…
Tried a lot of fuzzing tools including the praised ffuf without any luck
Need a bit of help,let me know if I can pm for nudge
it’s really easy guys. Probably you are rushing with wordlists and not thinking clear. Step back a second a think about the syntax. You have the child and want to fuzz the parent…
Got root
Thanks @clubby789 for the box, so much fun!
Also learn some new things
still trying to find directory, can you give me a nudge please?
@lesleybw said:
Struggling with finding the directory…
Tried a lot of fuzzing tools including the praised ffuf without any luck
Need a bit of help,let me know if I can pm for nudge
it’s really easy guys. Probably you are rushing with wordlists and not thinking clear. Step back a second a think about the syntax. You have the child and want to fuzz the parent…
yeah, i got the idea. but not the (working) tools.
found a directory and the file manually.
now figuring the next step
Can someone please give me nudge on finding the secret directory for the py file. Tried brute forcing with dirb but it fails for some reason.
Thank you
Great box, slightly CTF-y though. Thank you @clubby789
Foothold: Rather than going with your traditional tools, I suggest finding the file manually. In the file, look for something that could get you in.
User: I felt this was pretty straightforward, enough hints hereon the thread.
Root: Did it the unintended way first (because duh), but then later did it the intended way. It’s pretty easy, don’t go down rabbit holes.
Not really sure how to fuzz this, can someone send me a > @d3kum1d0r1y4 said:
Can someone please give me nudge on finding the secret directory for the py file. Tried brute forcing with dirb but it fails for some reason.
Thank you
Same here, somehow I’m unable to fuzz this box. Can someone PM me a nudge?