Was very tough but was worth it .A lot of manual work. I will not give you nudges because the exploitation is awesome and we should struggle .
For the initial users yes i can give a good article which can help for the overall exploit .
But finding the real user was insane and beautiful : )
I struggled so much but when i found it was super proud of me . Was so so cool …
Now onto root …Lets see if i will struggle again most probably yes : )
The path to user was one of the most awesome ones I have seen among the machines published.
Thanks @egre55 and @MinatoTW for creating the amazing challenge.
Stuck on root now for 2-3 days, went deep into 2 possible scenario’s but couldn’t quite get them working.
If anyone is willing to provide me a small nudge, I would highly appreciate it
No you need to find a user that can log in with a password. But first you need to find that user which is another moment of struggle : )
also for that user you need to go back and search again
This has been a very hard box for me. Feeling pretty hard-stuck as I finally got nudges to get me close to finding certain types of accounts, but the responses I’m getting back are not being encoded/decoded cleanly. Not sure how to handle.
Was very tough but was worth it .A lot of manual work. I will not give you nudges because the exploitation is awesome and we should struggle .
For the initial users yes i can give a good article which can help for the overall exploit .
But finding the real user was insane and beautiful : )
I struggled so much but when i found it was super proud of me . Was so so cool …
Now onto root …Lets see if i will struggle again most probably yes : )
May I ask someone a couple of questions regarding this box?
I have got user, but I am rather stuck on moving on to the next paths. I believe I have been down several rabbit holes which doesn’t lead anywhere, but that could be my lack of knowledge about these systems.
So far I have got a list of the users, and what I feel should be a POST request vuln to s*** using a tamper script. I’ve tried tweaking the tamper script but still failing hard.
I may need to give up on this and find the reading material @MariaB hinted at.
I don’t need hints yet, just ranting more than anything else
So far I have got a list of the users, and what I feel should be a POST request vuln to s*** using a tamper script. I’ve tried tweaking the tamper script but still failing hard.
I may need to give up on this and find the reading material @MariaB hinted at.
I don’t need hints yet, just ranting more than anything else
I doubt that the typical automation tools will get you there (even with according tamper scripts). I’d rather recommend writing a small script to exploit it. And then search for/find said reading material
May I ask someone a couple of questions regarding this box?
I have got user, but I am rather stuck on moving on to the next paths. I believe I have been down several rabbit holes which doesn’t lead anywhere, but that could be my lack of knowledge about these systems.
I’m in the same boat… I think I see that path to root this box, but must be missing a piece to this puzzle.