Quick

Hint for the ones struggling for the first part, it’s mentioned many times in the forum. If you need help drop me a message, always happy to assist.

Finally rooted :slight_smile:
The root part was quite sneaky :smiley:

Now, the only active machine left for me is another @MrR3boot (and @b14ckh34rt ) one :lol:

i accessed the documents and retrieved some juice content. but i havent been able to use that on the login page. also tried to access other place but with no luck. can someone give me a nudge on what to look into?

Type your comment> @zaphoxx said:

i accessed the documents and retrieved some juice content. but i havent been able to use that on the login page. also tried to access other place but with no luck. can someone give me a nudge on what to look into?

Try to put the pieces together. There is some information on the homepage and the clients’ page you need to combine this and you have your username.

Some guidance to help others stuck on initial foothold, to add to some of the hints already noted:

  • If you have worked out what’s going on and have issues with the common everyday tool, try alternatives. I had to use compiled CLI tools to proceed and obtain more info. I figured out what was going on early-ish but wasted too way much time after thinking i was off as the tool was failing (wasn’t negotiating as i expected). I confirmed it worked perfectly on other similar sample sites already out there, so not sure.

Rooted, overall the user1 → user2 part maybe is the best thing on the box.

For user1. there are too many hints on some posts here the exact tool is mentioned, user2, i made it with a small bash script, it’s easy just think about it, possibly you can do it even without scripting anything.

Root, as mentioned before stay at home :slight_smile:

Feel free to drop me a message I’ll be happy to assist as always.

Type your comment> @zaphoxx said:

i accessed the documents and retrieved some juice content. but i havent been able to use that on the login page. also tried to access other place but with no luck. can someone give me a nudge on what to look into?

PM me if still stuck

Can someone please explain me in PM, why am I getting these strange erros??
10.10.10.186 - - [03/May/2020 13:43:22] code 404, message File not found

I am going crazy…

need a sanity check regarding user. I am logged in know about the e*****e exploits. I also think I have the correct input point. however it doesnt seem to work. could someone pm me and I will share in more detail what I am trying to do. thanks

Rooted.
These are my tips:
foothold: ALWAYS launch 2 nmap, one for one side and one for the other side.
user: pay attention to that fu**ing “ltd”
1->2: use nc and while loops to understand what is happening
root: read, read, read, read… yes, that strange string is the way

Thanks sooo much to @cof123 and @Selcius for the nudges.

Trying to get user2, p**** request gets “Can’t connect to the p******”.
It works again after reset but only for a few minutes…
Is it intended …?

Type your comment> @juanpablito said:

Trying to get user2, p**** request gets “Can’t connect to the p******”.
It works again after reset but only for a few minutes…
Is it intended …?

Read the source might help :slight_smile:

Hi, also trying to get user2, I have tried numerous exploits with the ce, looked at every tt and found some causing “5**” errors which indicate "ce". Is user2 got from p***.q****.h** or q****.h**. Would love a PM to help…

removed

Dont restart box come onnn do you know how hard is to get shell … I’ve just got shell and then you restart it

Type your comment> @Dzsanosz said:

Can someone please explain me in PM, why am I getting these strange erros??
10.10.10.186 - - [03/May/2020 13:43:22] code 404, message File not found

I am going crazy…

What is the next line? What is it trying to get? Does the URL asked exist? If no, modify the coming request on the fly :slight_smile:

Type your comment> @Solarstorm said:

Type your comment> @juanpablito said:

Trying to get user2, p**** request gets “Can’t connect to the p******”.
It works again after reset but only for a few minutes…
Is it intended …?

Read the source might help :slight_smile:

Thanks,

I confirm, and I can add “Read CAREFULLY that source”, all the methodology is in !

Terrible machine ,i got only user and now i cannot even repeat it again .
All the time errors ,all the time resets.
The only positive thing was in the beginning where we had to update smt to access the site ,after that i spent more time fighting the other people resets and changes instead of working on the machine itself .
i wanted to continue on with the movement , unfortunately not possible : (

Type your comment> @MariaB said:

Terrible machine ,i got only user and now i cannot even repeat it again .
All the time errors ,all the time resets.
The only positive thing was in the beginning where we had to update smt to access the site ,after that i spent more time fighting the other people resets and changes instead of working on the machine itself .
i wanted to continue on with the movement , unfortunately not possible : (

In the end it’s worth it, try to automate things :slight_smile:

Rooted! Thank GOD!!!