Any hint for a low-level shell? I was able to create a user account and access the web pages on 5***, but I'm not getting any useful info from it. Any help would be appreciated.
Need help, please. I created an account on port 5***, decoded the session, changed the user to 1, encoded it and replaced the old session with the new one, but nothing!? Any hint, please? How do I encode it, with a key or …? Thanks.
Rooted! The user part stretched my limits on modern web apps and authentication schemes. The root part was pretty straightforward, but still pretty fun.
Nice box @qtc. You can always tell how much time and effort you put into these. It is appreciated.
Just got user. Respect to @zaBogdan for the help. Initial enum is really important.
For root, I do understand what should be exploited.
Seems like another user is needed to send meaningful messages.
Should I find an RE on the wb s****r?
Thanks for any nudge!
In my opinion this box could be considered insane. Thank you @qtc, your skills are really impressive.
User hint: Enumeration and understanding the logic behind the applications. Anyway, my real hint is to study everything you’ll find (if you haven’t seen it already) to get to the solution.
Root hint: Enumeration. In my opinion it’s an insane machine, and you have to try hard. Look at what’s going on in the processes, understand how the applications communicate, and find a way to execute commands from one side to the other. Use Google this time as well.
I believe I know what technologies are at play and I know what the name of the box is referring to. I even tried a promising exploit on the co***ct page regarding the name of the box but it didn’t work.
Shouldn't I be able to log in somewhere as my customer account using the connected auth account? If you are willing to clarify how things work in this machine, I can PM my steps.