Idk how people aren't more upset about this box. The process of getting a shell is completely unreliable. Got a shell after repeating the same thing several times and it just finally worked. Then my shell crashed after about 3 minutes. Going back to get a shell again, doesn't work. even after several retries and waiting more than 10 minutes. It's just poorly implemented
Totally stuck on initial foothold. I used dirbuster, found some juicy js-files, but they require user access. I did create a user and used burp proxy with coin transfer and user creation/login to fuzz with the parameters, but have no idea how to enumerate for the user credentials. Could only check other users coin balance with cookie editing. Any help/hint/nudge is much appreciated as this is really frustrating!
Though the instability / unpredictability can prove to be quite a hurdle this is a very fun and satisfying box in the end. The extra points for it being rated 'insane' are definitely a bonus 😋
PM is open for nudges!
~~~~~
Don't forget that +respect button if I helped you!
I am struggling to work out how to approach this. I have done lots of enumeration but not sure if the potential HTTP method that shouldn't be available is something that I have to use to get a username or something that you eat.
Wow! Now that was fun. Tu for a very challenging box @Gioo & @Cneeliz. Cheers to @chvancooten for the couple of nudges to get me focused and back on track.
I'm having a rough time putting all the pieces together to gain initial foothold. Found vulnerabilities in a few different places where I can read files. Found another that lets me "execute" files when something happens. Not sure how to go about using what I have to do anything with b***********.**p and none of my usual tricks on these vulns want to work due to what I believe to be no write permissions.
so.... because this box are not running as expect i will let then and start to another box, tried to create a user with random usernames and passwords and its not possible, reset already on luck.... hope the creators taken a look on it.
Hi,
I explored this machine for a while (Last two days). I checked several things starting, as usual, what is open and what is close. For each open I discard, for the moment, most of the "opens" and I dig a lot with one of them. Basically playing with money and figure out how to leverage this. So, if anyone could give some nudges I will appreciate. I am still a noob and my immagination is still place me in hole rabbits. I just need an idea to explore. Unfortunately I can explain my findings here to avoid an spoiler. Thanks guys.
Looking at the message when submitting the form after logging in as a user, I guess there is a vuln that can exploit the admin's browser, but no vuln is found yet.
Looking at the message when submitting the form after logging in as a user, I guess there is a vuln that can exploit the admin's browser, but no vuln is found yet.
I am on the same stage. I tested many things. Even stupid ones. Now, I am evaluating one possibility pointed by some users. But I need to learn a bit. It is something new for me. But for the moment, what I read give some ideas and where to focus. The main idea, usually, is modify the normal behaviour. Easy to say
There was nothing wrong with what I was doing. The reaction was slower and unstable than I had imagined when reading this forum, so I didn't realize I was on the right path.
The initial foothold does not require complex skills. All you need is patience. If something goes wrong, be patient and keep on the right path.
Or you may need to reset.
Well, after one week tring several things and getting some interesting nudges I got access to the account with ****.tx*.
I exploring it using s*** function and b******* function. From the GUI and directly using bu***. Unsuccesful. I tried to switch to other ennumeration methods using the credentials I found here but again unsuccesful. I dont' think it is about ip spoofing. But if someone could give a clue, I will appreciate it. Did I forgot any step? Maybe the text information is an important clue?
I have the same problem as you. Only other balances can be enumerated after user login is created. Don't know how to proceed, have you bypassed? Ask for hints. Just want you to give me a hint?
this box is not stable. x** doesn't always get triggered, user shell disconnects without any reason, b****2.e dies while trying to exploit and it wont recover so you have to reset and wait for x again... I felt like i was doing a side quest in a game.
Edit: also there is a chance that you can get an error page with my**l password visible if you are fast enough after reset.
Got response from the box twice this morning in a 5 minute period. Been trying with the same method since and not getting any response at all. Machine has been reset. Seemed to work for a short period yesterday evening too. Very frustrating to make progress when there is no consistency in response times.
Rooted ... very nice machine. Machine is stable in contrast to what others say. Yes, the exe will crash if you put in too much, and yes you will have to reboot. Big deal, it's your own fault and then you immediately know what to do (almost real live) ;-) And yes it takes about a minute before the event in your X.. is kicked off. Take some coffee and setup your second listner, create your msfv... e.. and your smbse.... in the mean time. This machine would not look out of place in the OSCP lab as a hard machine. Lot's of fun....Well done (goed gedaan) @Gioo & @Cneeliz!
Rooted ... very nice machine. Machine is stable in contrast to what others say. Yes, the exe will crash if you put in too much, and yes you will have to reboot. Big deal, it's your own fault and then you immediately know what to do (almost real live) ;-) And yes it takes about a minute before the event in your X.. is kicked off. Take some coffee and setup your second listner, create your msfv... e.. and your smbse.... in the mean time. This machine would not look out of place in the OSCP lab as a hard machine. Lot's of fun....Well done (goed gedaan) @Gioo & @Cneeliz!
And what happens if someone left the machine with that exe crashed and you find it at that state? I will tell you what, hours of enumeration without finding anything before you finally decide to reset.
I know it is my fault to crash it but my point was it should recover.
Can someone give me a push in the right direction? on the s**** i could read the sourcecodes of all the h files in the webroot and checked the source of the b*************.
I changed what ever i (think) i can in the requests and for the love of god i can't get it to do what i want.. Am i on the right track ?
Rooted ... very nice machine. Machine is stable in contrast to what others say. Yes, the exe will crash if you put in too much, and yes you will have to reboot. Big deal, it's your own fault and then you immediately know what to do (almost real live) ;-) And yes it takes about a minute before the event in your X.. is kicked off. Take some coffee and setup your second listner, create your msfv... e.. and your smbse.... in the mean time. This machine would not look out of place in the OSCP lab as a hard machine. Lot's of fun....Well done (goed gedaan) @Gioo & @Cneeliz!
And what happens if someone left the machine with that exe crashed and you find it at that state? I will tell you what, hours of enumeration without finding anything before you finally decide to reset.
I know it is my fault to crash it but my point was it should recover.
I guess it try to show possible real scenario where some app are not well designed. You can call to the company and tell them: Hey dudes, I am trying to hack you and your fucking exe is hang. please could you inform your developer to do better his job. I am an important hacker and I cannot waste time with this kind of issues #joke.
Comments
Idk how people aren't more upset about this box. The process of getting a shell is completely unreliable. Got a shell after repeating the same thing several times and it just finally worked. Then my shell crashed after about 3 minutes. Going back to get a shell again, doesn't work. even after several retries and waiting more than 10 minutes. It's just poorly implemented
Totally stuck on initial foothold. I used dirbuster, found some juicy js-files, but they require user access. I did create a user and used burp proxy with coin transfer and user creation/login to fuzz with the parameters, but have no idea how to enumerate for the user credentials. Could only check other users coin balance with cookie editing. Any help/hint/nudge is much appreciated as this is really frustrating!
Though the instability / unpredictability can prove to be quite a hurdle this is a very fun and satisfying box in the end. The extra points for it being rated 'insane' are definitely a bonus 😋
PM is open for nudges!
~~~~~
Don't forget that
+respectbutton if I helped you!I am struggling to work out how to approach this. I have done lots of enumeration but not sure if the potential HTTP method that shouldn't be available is something that I have to use to get a username or something that you eat.
Wow! Now that was fun. Tu for a very challenging box @Gioo & @Cneeliz. Cheers to @chvancooten for the couple of nudges to get me focused and back on track.
Ok. The idea was awsome! Sadly it was quite buggy.
If you are confident that your payload should work, try it again several times.
Discord: Blaudoom#1254
Loved this box and very recommended for every OSCP student. The idea that it's like breaking into a bank is awesome
Sec+ | OSCP
Always happy to help but remember give some rep to my profile if I helped you! :-)
I'm having a rough time putting all the pieces together to gain initial foothold. Found vulnerabilities in a few different places where I can read files. Found another that lets me "execute" files when something happens. Not sure how to go about using what I have to do anything with b***********.**p and none of my usual tricks on these vulns want to work due to what I believe to be no write permissions.
Any nudge here or in private is appreciated.
so.... because this box are not running as expect i will let then and start to another box, tried to create a user with random usernames and passwords and its not possible, reset already on luck.... hope the creators taken a look on it.
Starting this machine. Let's start
Always happy to help you. Don't forget to give me respect.
Click here to access my profile.
Discord user: darvidor#2989
Hi,
I explored this machine for a while (Last two days). I checked several things starting, as usual, what is open and what is close. For each open I discard, for the moment, most of the "opens" and I dig a lot with one of them. Basically playing with money and figure out how to leverage this. So, if anyone could give some nudges I will appreciate. I am still a noob and my immagination is still place me in hole rabbits. I just need an idea to explore. Unfortunately I can explain my findings here to avoid an spoiler. Thanks guys.
Always happy to help you. Don't forget to give me respect.
Click here to access my profile.
Discord user: darvidor#2989
I am having an issue with b************.**p
Please DM for any nudges
I'm stuck with the initial foothold.
Looking at the message when submitting the form after logging in as a user, I guess there is a vuln that can exploit the admin's browser, but no vuln is found yet.
Type your comment> @pinkyghost said:
I am on the same stage. I tested many things. Even stupid ones. Now, I am evaluating one possibility pointed by some users. But I need to learn a bit. It is something new for me. But for the moment, what I read give some ideas and where to focus. The main idea, usually, is modify the normal behaviour. Easy to say
Always happy to help you. Don't forget to give me respect.
Click here to access my profile.
Discord user: darvidor#2989
Rooted.
There was nothing wrong with what I was doing. The reaction was slower and unstable than I had imagined when reading this forum, so I didn't realize I was on the right path.
The initial foothold does not require complex skills. All you need is patience. If something goes wrong, be patient and keep on the right path.
Or you may need to reset.
Well, after one week tring several things and getting some interesting nudges I got access to the account with ****.tx*.
I exploring it using s*** function and b******* function. From the GUI and directly using bu***. Unsuccesful. I tried to switch to other ennumeration methods using the credentials I found here but again unsuccesful. I dont' think it is about ip spoofing. But if someone could give a clue, I will appreciate it. Did I forgot any step? Maybe the text information is an important clue?
thank you
Always happy to help you. Don't forget to give me respect.
Click here to access my profile.
Discord user: darvidor#2989
I have the same problem as you. Only other balances can be enumerated after user login is created. Don't know how to proceed, have you bypassed? Ask for hints. Just want you to give me a hint?
Been stuck on the ::1 for hours now, tried changing origin etc with burp but to no avail. Any nudges on how to proceed are welcome!
this box is not stable. x** doesn't always get triggered, user shell disconnects without any reason, b****2.e dies while trying to exploit and it wont recover so you have to reset and wait for x again... I felt like i was doing a side quest in a game.
Edit: also there is a chance that you can get an error page with my**l password visible if you are fast enough after reset.
I am stuck with getting shell. any help please DM. I got to the a**** page and try x**. sometimes I get responses and sometimes not.
Got response from the box twice this morning in a 5 minute period. Been trying with the same method since and not getting any response at all. Machine has been reset. Seemed to work for a short period yesterday evening too. Very frustrating to make progress when there is no consistency in response times.
This is the first box I solved, thank you all.
Rooted ... very nice machine. Machine is stable in contrast to what others say. Yes, the exe will crash if you put in too much, and yes you will have to reboot. Big deal, it's your own fault and then you immediately know what to do (almost real live) ;-) And yes it takes about a minute before the event in your X.. is kicked off. Take some coffee and setup your second listner, create your msfv... e.. and your smbse.... in the mean time. This machine would not look out of place in the OSCP lab as a hard machine. Lot's of fun....Well done (goed gedaan) @Gioo & @Cneeliz!
Type your comment> @HESL said:
The foothold is literally in the PWK course
Type your comment> @HESL said:
And what happens if someone left the machine with that exe crashed and you find it at that state? I will tell you what, hours of enumeration without finding anything before you finally decide to reset.
I know it is my fault to crash it but my point was it should recover.
Can someone give me a push in the right direction? on the s**** i could read the sourcecodes of all the h files in the webroot and checked the source of the b*************.
I changed what ever i (think) i can in the requests and for the love of god i can't get it to do what i want.. Am i on the right track ?
Type your comment> @onurshin said:
I guess it try to show possible real scenario where some app are not well designed. You can call to the company and tell them: Hey dudes, I am trying to hack you and your fucking exe is hang. please could you inform your developer to do better his job. I am an important hacker and I cannot waste time with this kind of issues
#joke.
I also experienced this many times. Breath.
Always happy to help you. Don't forget to give me respect.
Click here to access my profile.
Discord user: darvidor#2989