ForwardSlash

Type your comment> @Brogramm3r said:

I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated

I’m at a very similiar stage, I can read files and some limited source files, just not sure where to go from here, Have some info about db but not sure how or where to use it.

Any hints anyone ?

@wantsnewsocks said:

Type your comment> @Brogramm3r said:

I am able to read files using p************.p** but cannot find anything useful since I am doing it blindly and cannot find the location of the b****p directory. Any nudge would be appreciated

I’m at a very similiar stage, I can read files and some limited source files, just not sure where to go from here, Have some info about db but not sure how or where to use it.

Any hints anyone ?

Same as last time ForwardSlash - #166 by TazWake - Machines - Hack The Box :: Forums

Nice box, but its not hard, maybe medium

Am I wasting my time trying to abuse this broken f** login in i***x.**p?

@Brogramm3r said:

Am I wasting my time trying to abuse this broken f** login in i***x.**p?

It depends. If I’ve read it correctly, you are looking at the file which gives you what you need to get access.

Some skids change the password of c*** plzzzzz stop that sh********

need a push since my “permission is denied; not that way ;)”
no idea on how to go over it

@Nt3c said:

need a push since my “permission is denied; not that way ;)”
no idea on how to go over it

With PHP, you can apply a filter which lets you bypass this.

Type your comment> @TazWake said:

@Nt3c said:

need a push since my “permission is denied; not that way ;)”
no idea on how to go over it

With PHP, you can apply a filter which lets you bypass this.

got it :wink:

Thanks @TazWake and @cY83rR0H1t

Can anyone provide me with a nudge. I can read files, but I haven’t found a way to execute code yet. DM please!

Update: Thanks @cY83rR0H1t for pointing out the not so obvious place to look for code in progress/development!

Just rooted !
What a great box ! Thanks @cyberafro for your help.

any nudge plz about the c****o ? I’m stuck :frowning:

@Drxxx said:

any nudge plz about the c****o ? I’m stuck :frowning:

If you mean the python file, you can add code which brute forces it.

Type your comment> @TazWake said:

@Drxxx said:

any nudge plz about the c****o ? I’m stuck :frowning:

If you mean the python file, you can add code which brute forces it.

Yes, I did that with rockyou list but failed all pass as keys

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

Type your comment> @TazWake said:

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

bad idea. if rockyou dosen’t work for you, you’re doing something wrong.

Type your comment> @TazWake said:

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

@0x41 said:
Type your comment> @TazWake said:

@Drxxx said:

Yes, I did that with rockyou list but failed all pass as keys

Try a more brute force approach.

bad idea. if rockyou dosen’t work for you, you’re doing something wrong.

Thank you both a lot … you’re awesome … Your both point of view is correct … I was able to get it by both ways … Thank you … Insane Machine … thanks for the creators @InfoSecJack & @chivato … I have learned really a lot in those 2 days, I wish the attached mp3 wasn’t empty;) … I’m so interested in know if that image has another path to the solution …

Final step I had found it exist … SO I have to undo what else leave behind and re-do the final step again … then clean my work …

can anyone give me a hint on the python c****o either on a smarter way of attacking it, i’m having issue with brute forcing it, possibly python 2.7 vs 3 string processing reading from files

got /se****-s****s/. but no files…
stuck for almost 2 hr!
can anyone show me light?

Rooted, very nice box! PM for hints ?