Remote

Rooted. Easy, but fun box. Lost a lot of time finding the right payload in the first step… Been stupid. After that, root is a 10-minute formality… on VIP box :wink: PM for nudge

@kimleepark said:
Which file am I supposed to find in this many files? Can someone please give me a little hint?

Think about what you’re looking for - credentials. Do some googling about what file contains those for this CMS

@kimleepark said:

Which file am I supposed to find in this many files? Can someone please give me a little hint?

Use find and pay attention to the files it returns. One of them is very specific

Thanks all. I got the user.

That Exploit PoC is a bit hard to understand.

Really cool box, enjoyed both parts, the initial foothold and the priv esc

For user:

  • It is similar in a certain way to the other two services that are running on the machine
  • Which version is running?

For root:

  • Search for a list of Windows privilege escalation, try everything or try smart, anyway, both will give you what you want

Not so sure what’s going on. While I get access via Burp, the minute I translate that to code it hangs; the minute I try to reauth using the browser it never reconnects for like 10-20 minutes.

If I copy the valid command to curl from Burp it takes 11-17 seconds, then will work in the browser, but yet I can never hit the stage3 URL of the PoC, even after heavily modifying it. Can anyone give me some insight into what I’m doing wrong? After logging in via Burp I get a dict of info via successful username and pass, but that’s as far as I can get. The other dir is a redirect and never seems to get me anywhere. /***tall dir is a redirect. Am I lost?

I cannot find any kind of creds… I tried many files and googling. But Google suggests a database which I don’t have access to. This machine is driving me insane! It’s supposed to be easy and I can’t even go one step further… Any help would be appreciated…

Spoiler Removed

Spoiler Removed

Heyy… can someone please give me an initial foothold… I have done the nmap and dirbuster

I’m struggling to see anything with the files

can anyone help me with opening that s*f file ?

@deathflash1411 said:

can anyone help me with opening that s*f file ?
anything will do

So I’ve managed to get code execution and can transfer files but nothing more. Not sure where I’m going wrong here. Would anyone be willing to pm a nudge?

@deathflash1411 said:

can anyone help me with opening that s*f file ?

strings

Got a password “r3*********n” but don’t know how to use it. :frowning:

@calamaris said:

This m***t **s is so laggy, my terminal’s stuck

Yeah even an ls command is taking ages!

Rooted!
Initial is quite tricky but easy. Root can be done within 10 minutes.

Need help? Pm me

Please help me with user.
I’ve got a username (s****) from one of the files and also got a login portal.
I’ve tried password bruteforce using Hydra, but no luck.
Is there anything else that I am missing out for the password?