Remote

Where would I get the username and password. anyone please help

well, i’m an idiot - got low priv user and thought i needed to privesc into another user for the flag…

Rooted! Got it using the US way. Would be interested in getting an idea of how the TV way works. Did some searches online but couldn’t find much to go about it that way. Would love a hint or idea for the sake of learning more.

If anyone needs a hint or a nudge feel free to message me what you’ve tried

think i’m stuck on root - wait, yes, stuck on root… been going down the path of using what is related to the name of the box and i think i have decrypted what i need to…
nudges welcome
update - not stuck anymore… silly me. holler if you need some helps
take care

edit: I think I realized what is going on with the password situation haha.

got root using the “intended” method. Thanks to @TazWake @dok72. If anyone needs a nudge, feel free to pm

Rooted.

Can someone PM me if i have the correct credentials.
I found them from the n*s but both usernames and the one password i found arent working even after a reset.
Also i get a error with the .py script.
Thanks

got user
need help with root
i think i found the REMOTE SERVICE but didnt find a way to exploit it

@Frodl said:

Can someone PM me if i have the correct credentials.
I found them from the n*s but both usernames and the one password i found arent working even after a reset.
Also i get a error with the .py script.
Thanks

If you got the password from the n*s, it should come with a user name which you can use to log into the portal and the hash format.

If you didn’t have to crack the password, you might have the wrong one.

I cant list any smb shares, view any files through anon ftp, cant get access through anon rpc and i need login cred for the rce exploit i have found. Can someone give me a hint on the initial foothold.
Thanks

nvm

Just rooted the box. PM me for nudges.

FYI for anyone having problems with the PoC, there’s a working version by noraj on GH

Got user on this box. Now going for root. Found the REMOTE service, so going for the intended way.

Need help with root! I believe i found the remote service and some creds when digging deeper for that service. I’m having trouble decrypting creds though. A nudge would be much appreciated!

supern00b here – it looks like i’m supposed to run dbr against this box to get the file for user creds, but should i be using a specific list or should i just let it brce everything?

edit: part of this was a VPN issue that didn’t show where i actually needed to go.
edit2: Got root. Thanks for the help (i’m sorry, i deleted the message chain on accident)

For user - the POC that shows up on a certain DB site is not amazing. Check out and see if someone may have improved it somewhere.
for root - don’t overthink it. The “U” way is not very reliable or consistent, the “T” way isn’t as quick, but it’s exponentially more reliable.

Finally rooted, not with the TV way.
This box was quite nice, but very unstable for me.
And Idk why people were changing passwds so often, this was very annoying…

Type your comment> @3xxu5 said:

FYI for anyone having problems with the PoC, there’s a working version by noraj on GH

Thank you, it saved much time

Type your comment> @MudGrassPony said:

supern00b here – it looks like i’m supposed to run dbr against this box to get the file for user creds, but should i be using a specific list or should i just let it brce everything?

You can find something even with common words, ah and if it’s not 200 it’s still doesn’t 400 and it also can be used. PM if you need more info about it.
And creds against what user?