Resolute

*Spoiler Removed

Think someone have tried to be funny and change the password…

Easiest user I’ve ever done.

@extincted said:
Think someone have tried to be funny and change the password…

Think more about what you’ve seen, and what it indicates about the system.

edit: solved. removing initial post.

user.txt
so easy

Is ke**********g the way to go?

Type your comment> @Ma1ware said:

Is ke**********g the way to go?

No need for that, at least for user

HI guys, can you please give me a hint on where to go to get user on resolute, I tried searching for exploits on the services that nmap found, but nothing worked.
Thanks

I may have spotted the root vulnerability, could be a rabbit hole

I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?

Type your comment> @tang0 said:

I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?

No. try harder

Type your comment> @tang0 said:

I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?

Check the output from your enumeration process line by line. Since you have the usernames, I guess you probably didn’t see it, due to some error messages.

Got into user 2, the hint makes it sound difficult.
Edit: On the edge of root now, interesting vuln.

Built my root payload, now to get it executed right

hey guys ! So I got access to rp******* with the creds. But I don’t know what to do from here can you please give me a hint?
Thanks

So I have the right creds for the first user, but it’s been an hour I search, and I find nothing interesting in the S** shares. Do you have a hint ? :frowning:

Edit : I’m dumb, I do not did a full scan so I didn’t saw the high port.

is r*** needed to get root?

Very nice box, its all about enumeration , and for root a little bit of googling if you are not familiar with technique

Spoiler Removed

root has such a cool exploitation process, just read carefully the blog after you get your root foothold.

I really enjoyed it @egre55 , thank you!

If you guys need nudges, PM me, but please don’t come with messages like “Are these credentials valid?” , because I won’t respond to these type of questions anymore.