rooted
So this being my first box - quite enjoying it so far. However, got as far as the py code and know where the vuln is… just have no clue how to go about it! Any nudges are welcome
Rooted finally! Had a lot of fun with this one.
As others have mentioned, I found user to be much harder than root.
Some tips:
Foothold: How can you get somewhere else from where you are? Read the code carefully and understand what it’s doing. How can you make sure the server handles your request the way you intend it to?
User: Again, read the code. This is a common equation. Basic algebra helps here, write it out.
Root: Code will tell you everything, time is of the essence. What inputs do you have control over? Focus on that.
Any nudge?
Got the py file and modify it to run locally but not getting any output.
Having trouble with this box, I’ve ran it through dirb, gobuster, nikto to no avail…I know I’m missing something, I can feel it in my bones. ANY help would be greatly appreciated!
Type your comment> @greenbandit said:
Having trouble with this box, I’ve ran it through dirb, gobuster, nikto to no avail…I know I’m missing something, I can feel it in my bones. ANY help would be greatly appreciated!
use ffuz. read the page carefully and identify the child and where to FUZZ .
@sko said:
Type your comment> @greenbandit said:Having trouble with this box, I’ve ran it through dirb, gobuster, nikto to no avail…I know I’m missing something, I can feel it in my bones. ANY help would be greatly appreciated!
use ffuf. read the page carefully and identify the child and where to FUZZ .
I got the password for the user r****t, however when I try to log in with it I get an authentication error. Anyone had the same problem?
ok, rooted.
At first, i had the very same issues as many other while fuzzing. When i eventually got it i felt quite stupid for having wasted soo much time thinking of being working on something different…
I then sweated dozens of shirts while looking for the foothold, but i knew it was just a matter of time and retries…hint: check every value and debug on local.
User was already there. I mean: not so much difference from plaintext if you can do it also with excel!
If you are a right clicker like me, be careful with encoding. Things are not always as they show on screen.
Root is easy.
Rooted. This was a nice machine to get you to work on coming up with your own solutions, which in my opinion is a great way to learn and improve. Big thanks to @clubby789 for a nice box.
Now for the hints
INITIAL
- Things need to be a little fuzzy in order to find what you need.
- Remember to execute your plans to the letter.
- One-liners are all you need.
USER
- Scripts and texts. All you need.
- 1 + x = 2 (Find x)
- Got what you need? Now pick the lock.
ROOT
- So you think you’re better than me?!
- If only I was fast enough…oh wait! I don’t have to be.
- The cat will reveal all.
If there are spoilers here, let me know and I’ll edit this.
As always, PM me here (Don’t write on my wall as it’s public), or on Discord. Tell me your progress so I can avoid spoilers (don’t just ask for a hint or a nudge!).
Got no matching directories by using dirb, dirbuster, wfuzz. Small assist will be appreciated.
rooted
thank you rholas and Zer0xdz
although it’s easy to have root due to priv issues the intended way is fun. Super easy if you understand the code, anyway thx to @clubby789 for this box
Type your comment
Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help
Type your comment> @gunroot said:
Got no matching directories by using dirb, dirbuster, wfuzz. Small assist will be appreciated.
anytool IP/FUZZ/child
Type your comment> @lolotlse said:
Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your help
Consider that others are working on your same box, and your shell is in the same “context”, so you may see some other error.
Take what you need and go ahead.
Foothold is not intended to be the goal.
I’m really stuck at code injection point. No shell was opening when I inject the code. Can anyone help me? I don’t know why my payload isn’t sanitising properly. Tried different ways, but nothing worked out. Anyone please give me a nudge.
@Chobin73 said:
Type your comment> @lolotlse said:Hi all
I dont understand but the shell was not stable
I obtain that
invalid syntax (, line 1)
EOL while scanning string literal (, line 1)
and cannot navigate normally did somebody could be help me if not have this.
thanks for your helpConsider that others are working on your same box, and your shell is in the same “context”, so you may see some other error.
Take what you need and go ahead.
Foothold is not intended to be the goal.
Thanks for your answer.I search hard…
happy new year everybody