Hint for Sunday

Anyone have any hints for priv esc? I dont see anything except a troll.

@The0Xypher said:

@w31rd0 said:

@The0Xypher said:

@0c3r said:
anybody willing to talk about getting user?
managed to enumerate and find some users but not sure how to carry on

@w31rd0 said:

@0c3r said:
anybody willing to talk about getting user?
managed to enumerate and find some users but not sure how to carry on
I am on the same spot. Found a few users. now i am not sure what the next step is.
I may have lost something on my nmap scans though

Go back to your nmap, look for a point of access and the try some obvious guess work.

i have detected a point of access. but I left it aside as i felt i am missing the clues to use it.
you are implying that random guessing is required? or i need to enumerate more to get a hint?

Well I got into the box using some educated guessing. If you’ve seen any of ippsec’s videos on youtube, just do what he does. Go for some obvious guess. The entry to the box is similar to Valentine in the sense what you need is practically in front of you.

This part I have (can login but still no access to the user flag), but no clue so far what to do next what amazes me, because this is 20p box.

@The0Xypher said:

@w31rd0 said:

@The0Xypher said:

@0c3r said:
anybody willing to talk about getting user?
managed to enumerate and find some users but not sure how to carry on

@w31rd0 said:

@0c3r said:
anybody willing to talk about getting user?
managed to enumerate and find some users but not sure how to carry on
I am on the same spot. Found a few users. now i am not sure what the next step is.
I may have lost something on my nmap scans though

Go back to your nmap, look for a point of access and the try some obvious guess work.

i have detected a point of access. but I left it aside as i felt i am missing the clues to use it.
you are implying that random guessing is required? or i need to enumerate more to get a hint?

Well I got into the box using some educated guessing. If you’ve seen any of ippsec’s videos on youtube, just do what he does. Go for some obvious guess. The entry to the box is similar to Valentine in the sense what you need is practically in front of you.

Ok i feel so dump, i thought i had tried that combination more than once.
i managed to log in after all. cheers

cool box

@macw141 said:

@The0Xypher said:

@w31rd0 said:

@The0Xypher said:

@0c3r said:
anybody willing to talk about getting user?
managed to enumerate and find some users but not sure how to carry on

@w31rd0 said:

@0c3r said:
anybody willing to talk about getting user?
managed to enumerate and find some users but not sure how to carry on
I am on the same spot. Found a few users. now i am not sure what the next step is.
I may have lost something on my nmap scans though

Go back to your nmap, look for a point of access and the try some obvious guess work.

i have detected a point of access. but I left it aside as i felt i am missing the clues to use it.
you are implying that random guessing is required? or i need to enumerate more to get a hint?

Well I got into the box using some educated guessing. If you’ve seen any of ippsec’s videos on youtube, just do what he does. Go for some obvious guess. The entry to the box is similar to Valentine in the sense what you need is practically in front of you.

This part I have (can login but still no access to the user flag), but no clue so far what to do next what amazes me, because this is 20p box.

Same for me although I havent had time to really look into it yet. Gunna take a look myself in a bit.

@w31rd0 said:

@The0Xypher said:

@w31rd0 said:

@The0Xypher said:

@0c3r said:
anybody willing to talk about getting user?
managed to enumerate and find some users but not sure how to carry on

@w31rd0 said:

@0c3r said:
anybody willing to talk about getting user?
managed to enumerate and find some users but not sure how to carry on
I am on the same spot. Found a few users. now i am not sure what the next step is.
I may have lost something on my nmap scans though

Go back to your nmap, look for a point of access and the try some obvious guess work.

i have detected a point of access. but I left it aside as i felt i am missing the clues to use it.
you are implying that random guessing is required? or i need to enumerate more to get a hint?

Well I got into the box using some educated guessing. If you’ve seen any of ippsec’s videos on youtube, just do what he does. Go for some obvious guess. The entry to the box is similar to Valentine in the sense what you need is practically in front of you.

Ok i feel so dump, i thought i had tried that combination more than once.
i managed to log in after all. cheers

no problem bro

I think i found the way in to the box but yet did not get access to it can someone PM me on it.

So I logged in as a user and cant seem to find how to access the user.txt as it is owned by Spoiler Removed - Arrexel. Can anyone PM me a hint on how to view the file or Priv escalation? Respect will be given

@lambda1776 said:
So I logged in as a user and cant seem to find how to access the user.txt as it is owned by Spoiler Removed - Arrexel. Can anyone PM me a hint on how to view the file or Priv escalation? Respect will be given

enumerate manually :wink:

@S4ck said:

@lambda1776 said:
So I logged in as a user and cant seem to find how to access the user.txt as it is owned by sammy. Can anyone PM me a hint on how to view the file or Priv escalation? Respect will be given

enumerate manually :wink:

I believe i did, i saw a interesting troll and thought it might have something to do with it but maybe im wrong. And i didnt see anything particularly interesting during the rest of the enumeration. Am i missing something?
I am looking to improve my enumeration so tips or resources would help.

I went straight to Spoiler Removed - Arrexel and then got the flag 10m after very easy. if anyone needs help msg me in private

@rek2 said:
I went straight to Spoiler Removed - Arrexel and then got the flag 10m after very easy. if anyone needs help msg me in private

any hint for wordlist to crack root hash?

For a 20 point box this is messing with my head. Can someone give me a pointer? I can’t get pass the part of user enumeration (done), or how to use the two open services…

@alquimista said:
For a 20 point box this is messing with my head. Can someone give me a pointer? I can’t get pass the part of user enumeration (done), or how to use the two open services…

you need to enumerate more on services :slight_smile:

alquimista same mistake i made, play about with nmap a bit more before rushing in on those “2” services.

@IrfanRizvi said:

@rek2 said:
I went straight to Spoiler Removed - Arrexel and then got the flag 10m after very easy. if anyone needs help msg me in private

any hint for wordlist to crack root hash?

msg me in private not sure if adding that here is a spoiler or not.

My nmap scans are taking way too long. Is that normal?

@abogaida said:
My nmap scans are taking way too long. Is that normal?

Box is a little bit awkward with nmap scanning noticed, try Zenmap. It helped when I was trying to scan it when it came out.

@abogaida said:
My nmap scans are taking way too long. Is that normal?

Try adding the --min-rate 1000 --max-retries 5

This is normally very bad practice, you could knock something over very easily, or miss something on a box that is responding slowly.

Also try tinkering with --min-parallelism …

That being said, the most frustrating part of this box are people that trash it, necessitating a reset.