Alright i have helped enough people lol, now i need help. i will try to keep this generic so i dont get popped again
my simple thing isnt working...... my payload in the MB should work had people test it... ufw is not installed on my machine.....i need a sanity check.... i know what i need to do the simple thing just wont talk....
User was not very obvious, but the forum is loaded with hints of the struggles.
Second PrivEsc was probably the most enjoyable part of this box.
Root was too "quick" Don't need to look very far.
I liked the box but wish it had more stepping stones along the way, especially on the initial foothold.
It fits its category of difficult and had some custom exploitation along the way.
On another note, if anyone can enlighten me on how to resolve DNS hosts using python if a box doesn't have capabilities to add to the etc hosts file, that would be awesome!
I currently only know of curl that can --resolve DNS override!
If you like my advice, please give me some respect! Thanks!
Message me on discord: godylocks#5721
user was pretty hard because i couldn't for the life of me figure out how to access the portal, after a little nudge from someone it was basically smooth sailing to root
enjoyed this box a lot as well, keep 'em coming r3boot ^^
Not getting anywhere with this box, not even the slightest hint of progress. I've tried dir busting and fuzzing but not got much back. I've found some headers that appear to suggest Jy and I've got a couple of URLs, w-f & m-**f but I don't know if they are dead ends. Anyone feeling charitable feel free to shove me in the right direction.
just got user.. when the creator said it was esoteric they sure weren't kidding! Enjoyed path to user from foothold. For foothold the landing page text is important and many wont have even done it before.
Where are u guys getting the creds for login?? I'm getting "Error code: SSL_ERROR_RX_RECORD_TOO_LONG" & stuck here...is there any other any port I'm missing out?
Where are u guys getting the creds for login?? I'm getting "Error code: SSL_ERROR_RX_RECORD_TOO_LONG" & stuck here...is there any other any port I'm missing out?
This seems to be a common problem. This is coming up because your browser is trying to negotiate HTTPS like the link tells it to, but is not receiving what it expects. It thinks it is receiving an SSL record that is too long, it is actually just getting the same HTML page you'd get from a port that's not supporting HTTPS. So.... is there another port you might need to try?
Comments
Alright i have helped enough people lol, now i need help. i will try to keep this generic so i dont get popped again
my simple thing isnt working...... my payload in the MB should work had people test it... ufw is not installed on my machine.....i need a sanity check.... i know what i need to do the simple thing just wont talk....
Type your comment> @guanicoe said:
I still dont know why nobody answered that, but i got a strong feeling that it isnt smh even if i'm still having nothing as a foothold euuuh
Type your comment> @m1111 said:
I'm on the same spot as you, tried with all users that i found but nothing
For those that at least got as far as the juicy info in that document, you can PM me for a nudge.
Type your comment> @Selcius said:
if you get that error then maybe your need to rebuild the tool your using or look into that experimental feature....
If you like my advice, please give me some respect! Thanks!
Message me on discord: godylocks#5721
Calling all Superstars i am soclose to user i need a sanity check to see if my approach is solid....which i think it is....hep hep me please
My god!!! Finally! What a ride for that user.... The foothold was tough, but how proud i feel right now!! :-) Onto Root!
User was not very obvious, but the forum is loaded with hints of the struggles.
Second PrivEsc was probably the most enjoyable part of this box.
Root was too "quick" Don't need to look very far.
I liked the box but wish it had more stepping stones along the way, especially on the initial foothold.
It fits its category of difficult and had some custom exploitation along the way.
On another note, if anyone can enlighten me on how to resolve DNS hosts using python if a box doesn't have capabilities to add to the etc hosts file, that would be awesome!
I currently only know of curl that can --resolve DNS override!
If you like my advice, please give me some respect! Thanks!
Message me on discord: godylocks#5721
finally got user
learned a lot !!
i'm frustated in initialfoothold.
tried to fuzz the web, login form, access the portal,
Any nudge would be appreciated.
Oh man, finally got that user flag. It's been a ride. Wowza.
user was pretty hard because i couldn't for the life of me figure out how to access the portal, after a little nudge from someone it was basically smooth sailing to root
enjoyed this box a lot as well, keep 'em coming r3boot ^^
can anyone help me with foothold please ?
Spoiler Removed
Not getting anywhere with this box, not even the slightest hint of progress. I've tried dir busting and fuzzing but not got much back. I've found some headers that appear to suggest Jy and I've got a couple of URLs, w-f & m-**f but I don't know if they are dead ends. Anyone feeling charitable feel free to shove me in the right direction.
Super cool box, just got the user!
just got user.. when the creator said it was esoteric they sure weren't kidding! Enjoyed path to user from foothold. For foothold the landing page text is important and many wont have even done it before.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
I'm getting this, any hints how to bypass it ?
can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall...
Type your comment> @Dreadless said:
Inspect the header of the requests closely, you'll find the clue to the next step.
PM for nudges, but tell me what you've got so far. If I helped you, remember to give respect.
great machine, I appreciated.
[email protected]:~# ifconfig|fgrep 10.|awk '{print $2}'&&whoami
10.10.10.186
root
for nudges on discord calipendula#1089
please don't ask solutions but little hints
Where are u guys getting the creds for login?? I'm getting "Error code: SSL_ERROR_RX_RECORD_TOO_LONG" & stuck here...is there any other any port I'm missing out?
Type your comment> @b3nn said:
I fear this is something new to me as I am looking at the headers but not seeing the magic
finally got user last night, working to create an RCE script today so I can get back quickly. ready to tackle the user privesc and then onto root!
PM with what you tried up t if you're stuck.
Type your comment> @alalno said:
This seems to be a common problem. This is coming up because your browser is trying to negotiate HTTPS like the link tells it to, but is not receiving what it expects. It thinks it is receiving an SSL record that is too long, it is actually just getting the same HTML page you'd get from a port that's not supporting HTTPS. So.... is there another port you might need to try?
Just got user! Man this was a way to go for me. Now it's time for root
Edit: Got Root, this box was quite a journey for me.
PM me for nudges
> Just got user! Man this was a way to go for me. Now it's time for root
Same here.
Hi, is there anyone willing to help me out with the initial foothold? many thanks
really tough box if i didnt get help i quit lol
new tech really make me cry