Quick

finally got user
learned a lot !!

I’m frustrated in initial foothold.
tried to fuzz the web, login form, access the portal,

Any nudge would be appreciated.

Oh man, finally got that user flag. It’s been a ride. Wowza.

User was pretty hard because I couldn’t for the life of me figure out how to access the portal; after a little nudge from someone it was basically smooth sailing to root.

enjoyed this box a lot as well, keep 'em coming r3boot ^^

can anyone help me with foothold please ?

Spoiler Removed

Not getting anywhere with this box, not even the slightest hint of progress. I’ve tried dir busting and fuzzing but not got much back. I’ve found some headers that appear to suggest Jy and I’ve got a couple of URLs, w-f & m-**f but I don’t know if they are dead ends. Anyone feeling charitable feel free to shove me in the right direction.

Super cool box, just got the user!

Just got user… when the creator said it was esoteric they sure weren’t kidding! Enjoyed path to user from foothold. For foothold the landing page text is important and many won’t have even done it before.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I’m getting this, any hints how to bypass it ?

can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…

@Dreadless said:

can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…

Inspect the header of the requests closely, you’ll find the clue to the next step.

Great machine, I appreciated it.

root@quick:~# ifconfig|fgrep 10.|awk '{print $2}'&&whoami
10.10.10.186
root

calipendula
for nudges on discord calipendula#1089
please don’t ask for solutions, only little hints

Where are u guys getting the creds for login?? I’m getting “Error code: SSL_ERROR_RX_RECORD_TOO_LONG” & stuck here… is there any other port I’m missing out?

@b3nn said:

@Dreadless said:

can anyone give me a clue for the next step? I have managed to log into the portal tried a few things but am now hitting a wall…

Inspect the header of the requests closely, you’ll find the clue to the next step.

I fear this is something new to me as I am looking at the headers but not seeing the magic

finally got user last night, working to create an RCE script today so I can get back quickly. ready to tackle the user privesc and then onto root!

PM with what you tried up t if you’re stuck.

@alalno said:

Where are u guys getting the creds for login?? I’m getting “Error code: SSL_ERROR_RX_RECORD_TOO_LONG” & stuck here… is there any other port I’m missing out?

This seems to be a common problem. This is coming up because your browser is trying to negotiate HTTPS like the link tells it to, but is not receiving what it expects. It thinks it is receiving an SSL record that is too long, but it is actually just getting the same HTML page you’d get from a port that’s not supporting HTTPS. So… is there another port you might need to try?
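Why a plain-HTTP reply gets reported as an over-long record, as an added example that is not part of the original thread: a TLS client reads the first five bytes of the reply as a record header, so the text "HTTP/" is decoded as a content type, a version and a length. The sample bytes are constructed, and the limit used is the TLS 1.2 record maximum; a browser's exact threshold is an assumption here.

```python
import struct

# TLS 1.2 (RFC 5246) allows at most 2^14 + 2048 bytes of ciphertext per record.
MAX_RECORD_LEN = 2**14 + 2048
# Content types defined for the TLS record layer.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record_header(data: bytes) -> dict:
    """Decode the first 5 bytes the way a TLS client decodes a record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify(data: bytes) -> str:
    """Say what the peer is speaking, judged from its first bytes."""
    hdr = parse_record_header(data)
    if hdr["type"] in CONTENT_TYPES and hdr["version"][0] == 3:
        if hdr["length"] <= MAX_RECORD_LEN:
            return "tls"
        return "tls header, length out of range"
    if data.startswith(b"HTTP/"):
        # 'P' (0x50) and '/' (0x2f) land in the length field: 0x502f = 20527.
        return f"plaintext http (would read as a {hdr['length']}-byte record)"
    return "unknown"


# Constructed samples: a plain HTTP reply and the start of a TLS handshake record.
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<html>"
SAMPLE_TLS = bytes.fromhex("160303005a") + b"\x02" + b"\x00" * 89

if __name__ == "__main__":
    for name, sample in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS)):
        print(name, parse_record_header(sample), "->", classify(sample))
```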

@calipendula Thanks for clearing my brain! And as always @applepyguy thanks for the constant guidance as well haha

Just got user! Man this was a way to go for me. Now it’s time for root

Edit: Got Root, this box was quite a journey for me.
PM me for nudges

@DaWoschbar said:

Just got user! Man this was a way to go for me. Now it’s time for root

Same here. :)