Book


Comments

  • Damn! I got it!!!
    ...since I began to work on this box, but I discarded it because it didn't work for me...

    Thanks to @Watskip @meraxes and @MariaB for your messages and time.

    Remember to double (or better triple) check every payload or technique before trashing it!!

    rulzgz

  • Good for you. I left it. I was in a vicious circle with my payloads for the initial access. It worked once, then it was all the time Nope! : )

  • I have read the thread twice already, still don't have any clue how to get the admin user for the webapp. Any nuggets would be highly appreciated.

  • @Dzsanosz said:

    I have read the thread twice already, still don't have any clue how to get the admin user for the webapp. Any nuggets would be highly appreciated.

    I think I know what I must do, been trying for 2 days, but nothing.

  • edited March 2020

    @Dzsanosz said:

    I have read the thread twice already, still don't have any clue how to get the admin user for the webapp. Any nuggets would be highly appreciated.

    Same here. Trying to find some php code that implements signup form or a blog post that deals with similar issues. No luck so far. I guess I need to trick the code into setting a role field to admin role during signup by leveraging the fact that the email field has a char limit, at least that's what I extracted so far from all the nudges here.

    EDIT: Got pushed into the right direction. Got it.

    k4wld
    Discord: k4wld#5627

  • Oh gosh, finally got user on BOOK. Awesome foothold, very tricky, and especially with everyone overwriting one another's :D
    But after that I was able to get something else. Thanks to the guys who pointed me to what attack I need to focus on to achieve my goal.

  • Hello community,

    Could you please give some hints for a little push?

    I am in the admin login webpage.

  • edited March 2020

    You've been b0okd & r0tTd..
    Thanks a lot @TazWake for the nudge, you save my day :respect:

  • Finally got user. Super hard for me. :fearful:

  • Rooted, but grabbed only the root.txt, as always a race : )

    @MrR3boot, awesome box!

    Especially the initial foothold for me was something new, so I learnt something that I can use in future. Very very cool.

    And after that the next step was also cool /I admit here I got a little nudge on the type of attack I must target, but the execution was mine :) /

    Anyway, really awesome box despite the race.

  • Bro, I found the register form for admin but it didn't work. Any nudge for me? :(
  • rooted && level up!
    \o/

    pm me if you need any help

    e-nigmaNL

  • Guys, I'm stuck at the admin part. I have found the admin login page and the admin email id, but I'm unable to login; tried many things like SQLi, bruteforcing, but nothing works. Can anyone provide me any nudges? I'm really stuck here for 2 hours.

    Feel free to message me
  • @hacktheera said:

    Guys, I'm stuck at the admin part. I have found the admin login page and the admin email id, but I'm unable to login; tried many things like SQLi, bruteforcing, but nothing works. Can anyone provide me any nudges? I'm really stuck here for 2 hours.

    Feel free to message me

    If you view the source you can see there are some client side restrictions. These may indicate that the backend is badly configured and you can bypass a check it makes.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
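The two nudges above (a signup form whose email field has a char limit, and client-side restrictions that hint at a backend which does not re-check them) describe the shape of a SQL truncation attack. The following is an added example, not code from the box or from anyone in this thread, and every detail in it is assumed for illustration: a MySQL-style users table whose email column is VARCHAR(20), a server that may or may not run in STRICT mode, a PAD SPACE collation that ignores trailing spaces on comparison, and the admin address used below. It models the vulnerable signup beside a hardened one and shows under which settings the attacker ends up able to log in with the target's address and a password of their own choosing.

```python
"""Added example (not the box's code): model of a SQL truncation attack on a
signup form that only limits the email length client-side.

Assumed for the demo: users.email is VARCHAR(20); MySQL without STRICT mode
silently truncates over-long strings; a PAD SPACE collation treats trailing
spaces as insignificant; the admin address is made up.
"""

EMAIL_WIDTH = 20  # assumed column width of users.email
ADMIN_EMAIL = "admin@example.test"  # assumed target; 18 characters


class FakeMySQL:
    """Stand-in for the users table. Models two MySQL behaviours:
    non-strict mode cuts over-long strings to the column width, and
    PAD SPACE collations ignore trailing spaces when comparing."""

    def __init__(self, strict: bool):
        self.strict = strict
        self.rows = []

    def _fit(self, email: str) -> str:
        if len(email) > EMAIL_WIDTH:
            if self.strict:
                raise ValueError("Data too long for column 'email'")
            return email[:EMAIL_WIDTH]  # silent truncation
        return email

    @staticmethod
    def _key(email: str) -> str:
        return email.rstrip(" ")  # PAD SPACE comparison

    def select_by_email(self, email: str) -> list:
        k = self._key(email)
        return [r for r in self.rows if self._key(r["email"]) == k]

    def insert(self, email: str, password: str) -> None:
        self.rows.append({"email": self._fit(email), "password": password})


def login(db: FakeMySQL, email: str, password: str):
    """SELECT email FROM users WHERE email=? AND password=? (collation-aware)."""
    for row in db.select_by_email(email):
        if row["password"] == password:
            return row["email"]
    return None


def vulnerable_signup(db: FakeMySQL, email: str, password: str) -> bool:
    """Duplicate check runs on the untruncated value; the DB then shortens it,
    so the stored row collates equal to the existing admin row."""
    if db.select_by_email(email):
        return False
    db.insert(email, password)
    return True


def hardened_signup(db: FakeMySQL, email: str, password: str) -> bool:
    """Enforce the limit server-side and reject anything the column cannot
    hold verbatim. A UNIQUE index on email would also stop the forged row,
    since the truncated value collates equal to the existing one."""
    if len(email) > EMAIL_WIDTH or email != email.strip():
        return False
    if db.select_by_email(email):
        return False
    db.insert(email, password)
    return True


def craft_email(target: str) -> str:
    """Pad the target address out to the column width, then append one extra
    character so the duplicate check sees a different string."""
    return target.ljust(EMAIL_WIDTH) + "x"


def attacker_can_login_as(target: str, strict: bool, signup) -> bool:
    """Seed the target account, run the crafted signup, then try to log in
    with the target's address and the attacker's password."""
    db = FakeMySQL(strict)
    db.insert(target, "secret-the-attacker-does-not-know")
    try:
        signup(db, craft_email(target), "attacker-chosen")
    except ValueError:
        pass  # strict mode rejected the over-long insert
    return login(db, target, "attacker-chosen") is not None


if __name__ == "__main__":
    for strict in (False, True):
        for fn in (vulnerable_signup, hardened_signup):
            print(f"strict={strict!s:5} {fn.__name__:17} -> "
                  f"{attacker_can_login_as(ADMIN_EMAIL, strict, fn)}")
```

Only the combination of non-strict mode and a signup that trusts the form's maxlength lets the attacker in; either STRICT mode on the server or a server-side length check closes it. When you test a real form, remove the client-side maxlength in the browser's dev tools or replay the request with a proxy, since the restriction lives only in the HTML.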

  • I have a problem with the user part in my payload.
    It doesn't show any files. Any help?

  • Hey all I am 100% lost on how to get the initial foothold. Any and all help is appreciated.

  • Finally got root on the box, but this was a real struggle for me from start to end :(

    @MrR3boot thank you for box, it was very educational!
    Mega thanks to @TazWake for helping and patience with me :) Help and pointers you gave were great, they gave me the right direction but still left me to do my research, find the correct solution. (/bow)

    To people who are struggling and/or kind of dropping out (seen some comments): don't be afraid to ask for help | take a breather and then come back with a fresh look (this worked for me also) | don't be discouraged by comments like "ohh this is an easy box", etc. Don't forget that everyone has different experiences and skill levels; you are here to learn, so just ignore it and do what you can do, do research, etc. Everyone started somewhere :)

  • It looks like I need some hints for user here. I've got access to the admin panel and see the connection between that and an u****d function in the user panel.

    I've read a few writeups on exploiting this and got the box to "call back" to me. However, I have little success in getting it to reveal more, even after trying variations of that technique. Nudges are definitely welcome!

  • edited March 2020

    Hi, I need a hint for user. I've managed to login with name 'a****' and mail 'a****@****.'' at the page at port 8* by following the things in the forum (TR***-Function), but when I view my profile on the page, it still says that my role is user.

    Did I miss something?

    Nudges are welcome!!

    PM or Discord (mA1nfrAm3r#8064)

  • @mA1nfrAm3r said:

    Hi, I need a hint for user. I've managed to login with name 'a****' and mail 'a****@****.'' at the page at port 8* by following the things in the forum (TR***-Function), but when I view my profile on the page, it still says that my role is user.

    Did I miss something?

    Nudges are welcome!!

    PM or Discord (mA1nfrAm3r#8064)

    Enumerate folders on webserver or if you already found it, then don't forget there are two pages ;)

    I was /facepalming myself on this stuff after I was corrected by @TazWake ;)

  • edited March 2020

    @snownoob Okay, so the webpage for the a****-user looks the same as a normal user, only the functionality is different? Was just confused by the role when I view the profile...

    Thx!

    Edit: Got it, wow, now I get why people said that it was unstable... feels like the 100th time that I tried to get into /a***** and now it's working... ;-)

    Thanks @snownoob

  • @mA1nfrAm3r said:

    @snownoob Okay, so the webpage for the a****-user looks the same as a normal user, only the functionality is different? Was just confused by the role when I view the profile...

    Thx!

    Edit: Got it, wow, now I get why people said that it was unstable... feels like the 100th time that I tried to get into /a***** and now it's working... ;-)

    Thanks @snownoob

    well, I know how it feels ;)

  • @zelensky said:

    It looks like I need some hints for user here. I've got access to the admin panel and see the connection between that and an u****d function in the user panel.

    I've read a few writeups on exploiting this and got the box to "call back" to me. However, I have little success in getting it to reveal more, even after trying variations of that technique. Nudges are definitely welcome!

    Dont focus on getting a reverse shell to work via what is essentially an information leakage vulnerability. Leak the information. Much more effective.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Lots of frustration, as well as lots of fun and learning. Thanks @MrR3boot! Took me a good while to get root, as I thought I was doing the right thing but kept losing. Not sure if I eventually got lucky or my other efforts to tip the scales in my favor paid off.

  • Is there any error in the key? Because I got invalid format!

  • Finally rooted. Great respect for @MariaB and @snownoob; without their help it was impossible for me to solve the box. Thanks also to my friend @steps0x29a for his hints and support.

    There is a lot to learn in this box, it is not easy and immediate. Thanks to @MrR3boot for showing me a kind of attack using X.. in the P.. document that I never faced before.
    Only one remark: unfortunately the document reader tool in the first part could affect a lot of players, me too; I spent two days in this part.

  • @c4ph00k said:

    Finally rooted. Great respect for @MariaB and @snownoob; without their help it was impossible for me to solve the box. Thanks also to my friend @steps0x29a for his hints and support.

    There is a lot to learn in this box, it is not easy and immediate. Thanks to @MrR3boot for showing me a kind of attack using X.. in the P.. document that I never faced before.
    Only one remark: unfortunately the document reader tool in the first part could affect a lot of players, me too; I spent two days in this part.

    I am stuck on this part; the payload works fine on my machine, but I couldn't view it in the PDF.

  • @khanafeer said:

    I am stuck on this part; the payload works fine on my machine, but I couldn't view it in the PDF.

    This, largely, depends on how you view the PDF. There are many ways round it other than using the default viewer built into Kali. While this frustrated me for a long time, like most other people, I don't think that box creators should make it "extra easy" to get data via information leakage.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:
    > @khanafeer said:
    > (Quote)
    > This, largely, depends on how you view the PDF. There are many ways round it other than using the default viewer built into Kali. While this frustrated me for a long time, like most other people, I don't think that box creators should make it "extra easy" to get data via information leakage.

    Same situation here. I am not using the default kali PDF viewer, but I still see no information there. It seemed to respond to "height" and "width" though.
  • @zelensky said:

    Same situation here. I am not using the default kali PDF viewer, but I still see no information there. It seemed to respond to "height" and "width" though.

    Then something you are doing isn't working. Start small, with data you know has to exist on the system. If you can't get it to show you that, the attack needs to be changed.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
