Rooted. Easy, but fun box. Lose a lot of time finding the right payload in the first step… Been stupid. After, Root is 10 minutes formality… on VIP box PM for Nudge
@kimleepark said:
Which file am I supposed to find in this many files? Can someone please give me a little hint?
Think about what you’re looking for - credentials. Do some googling about what file contains those for this CMS
Type your comment> @kimleepark said:
Which file am I supposed to find in this many files? Can someone please give me a little hint?
use find and point attention to the files it returns. one of them is very specific
Thanks all. I got the user.
That Exploit PoC is a bit hard to understand.
Really cool box, enjoyed both parts, the initial foothold and the priv esc
For user:
- It is similar in a certain way to other two services that are running in the machine
- Which version is running?
For root:
- Search for a list of windows privilege scalation, try everything or try smart, anyway, both will give you what you want
not so sure whats going on while i get access via burp the minute i translate that to code it hangs the minute itry to reauth using browser it never reconnects for like 10 -20 minutes
if i copy the valid command to curl from burp it takes 11-17 seconds than will work in browser but yet i can never hit stage3 url of the poc even after heavily modifying it can anyone give me some insight what im doing wrong after logging in via burp i get a dict of info via successful username and pass but that’s as far as i can get the other dir is a redirect and never seems to get me anywhere /***tall dir is redirect am i lost?
I cannot find any kind of creds… I tried many files and googling. But google suggest database which i don’t have access to. This machine is driving me insane! Its suppose to be easy and I can’t even go one step further… Any help would be appreciated…
Spoiler Removed
Spoiler Removed
heyy…can someone please give me a initial foot hold… i have done the nmapand dirbuster
im struggling to see anything with the files
can anyone help me with opening that s*f file ?
Type your comment> @deathflash1411 said:
can anyone help me with opening that s*f file ?
anything will do
So I’ve managed to get code execution and can transfer files but nothing more. Not sure where I’m going wrong here. Would anyone be willing to pm a nudge?
got a password “r3*********n” but dont know how to use it.
Type your comment> @calamaris said:
This m***t **s is so luggy, my terminals stuck
Yeah even an ls command is taking ages!
Rooted!
Initial is quite tricky but easy. Root can be done within 10 minutes.
Need help? Pm me
Please help me with user.
I’ve got username (s****) from one of the file and also got login portal.
I’ve tried password bruteforce using Hydra, but no luck.
Is there anything else that I am missing out for the password?