Quick

145791013

Comments

  • edited May 2

    Some guidance to help others stuck on initial foothold, to add to some of the hints already noted:

    • If you have worked out what's going on and have issues with the common everyday tool, try alternatives. I had to use compiled CLI tools to proceed and obtain more info. I figured out what was going on early-ish but wasted too way much time after thinking i was off as the tool was failing (wasn't negotiating as i expected). I confirmed it worked perfectly on other similar sample sites already out there, so not sure.
  • Rooted, overall the user1 -> user2 part maybe is the best thing on the box.

    For user1. there are too many hints on some posts here the exact tool is mentioned, user2, i made it with a small bash script, it's easy just think about it, possibly you can do it even without scripting anything.

    Root, as mentioned before stay at home :)

    Feel free to drop me a message I'll be happy to assist as always.

  • Type your comment> @zaphoxx said:

    i accessed the documents and retrieved some juice content. but i havent been able to use that on the login page. also tried to access other place but with no luck. can someone give me a nudge on what to look into?

    PM me if still stuck

  • Can someone please explain me in PM, why am I getting these strange erros??
    10.10.10.186 - - [03/May/2020 13:43:22] code 404, message File not found

    I am going crazy...

  • need a sanity check regarding user. I am logged in know about the e*****e exploits. I also think I have the correct input point. however it doesnt seem to work. could someone pm me and I will share in more detail what I am trying to do. thanks

    zaphoxx

  • Rooted.
    These are my tips:
    foothold: ALWAYS launch 2 nmap, one for one side and one for the other side.
    user: pay attention to that fu**ing "ltd"
    1->2: use nc and while loops to understand what is happening
    root: read, read, read, read.... yes, that strange string is the way

    Thanks sooo much to @cof123 and @Selcius for the nudges.
    gand3lf

  • Trying to get user2, p**** request gets "Can't connect to the p******".
    It works again after reset but only for a few minutes...
    Is it intended ..?

  • Type your comment> @juanpablito said:

    Trying to get user2, p**** request gets "Can't connect to the p******".
    It works again after reset but only for a few minutes...
    Is it intended ..?

    Read the source might help :)

  • Hi, also trying to get user2, I have tried numerous exploits with the c*e, looked at every t****t and found some causing "5" errors which indicate "c***e". Is user2 got from p*****.q****.h** or q****.h**. Would love a PM to help...

  • edited May 4

    removed

    zaphoxx

  • Dont restart box come onnn do you know how hard is to get shell .... I've just got shell and then you restart it

  • edited May 4
    Type your comment> @Dzsanosz said:
    > Can someone please explain me in PM, why am I getting these strange erros??
    > 10.10.10.186 - - [03/May/2020 13:43:22] code 404, message File not found
    >
    > I am going crazy...

    What is the next line? What is it trying to get? Does the URL asked exist? If no, modify the coming request on the fly :)
  • Type your comment> @Solarstorm said:

    Type your comment> @juanpablito said:

    Trying to get user2, p**** request gets "Can't connect to the p******".
    It works again after reset but only for a few minutes...
    Is it intended ..?

    Read the source might help :)

    Thanks,

    I confirm, and I can add "Read CAREFULLY that source", all the methodology is in !

  • Terrible machine ,i got only user and now i cannot even repeat it again .
    All the time errors ,all the time resets.
    The only positive thing was in the beginning where we had to update smt to access the site ,after that i spent more time fighting the other people resets and changes instead of working on the machine itself .
    i wanted to continue on with the movement , unfortunately not possible : (

  • Type your comment> @MariaB said:

    Terrible machine ,i got only user and now i cannot even repeat it again .
    All the time errors ,all the time resets.
    The only positive thing was in the beginning where we had to update smt to access the site ,after that i spent more time fighting the other people resets and changes instead of working on the machine itself .
    i wanted to continue on with the movement , unfortunately not possible : (

    In the end it's worth it, try to automate things :)

  • Rooted! Thank GOD!!!

  • edited May 5

    Finally took user. needed to automate the process due to instability.
    @maaaaaa , @doxxos Thanks for the nudge!

  • edited May 4

    Rooted! Thanks @nasri136TH for the nudge ;)

    Nice box but I wasted a sh*t ton of time on user1 -> user2 escalation as the command that I first sent wiped clean the file I wanted to read... And it is possible to do that with all the files that belong to user2.

    Anyway, a part from that nice box especially the foothold and user!

    My hint for root: Don't go too far away from home, and enum scripts did not help me. There is no need to exploit anything, just find it and try it.

  • Finally rooted !! what a machine it is !!!

    My YouTube Channel => https://www.youtube.com/c/NatzSec
    You can subscribe if you want :P

  • edited May 5

    @MrR3boot said:

    Hey, If you are getting Error Retrieving URL its intended behavior. Please try to understand what's going on the box. I'm sure you feel so stupid after knowing why it did.

    One of the things I love about your boxes is how often I feel stupid in the process of trying to root them.

    I think I am stuck on this right now but I have some ideas on how to progress (not asking for hints yet). I dont know if I am imagining it but port seems to matter and when a request is messed up, it messes lots of things up.

    EDITED: Yeah, my plan worked - still not 100% sure. Now I am convinced I can see the path I need to follow but I cant get the commands to work in the shell.

    This is a fun box - thanks @MrR3boot !

    EDIT 2: Solved. I was just stupid.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited May 5

    Hey, I'm stuck on using the juice from the documents. Tried a looooot of combinations but got nowhere. Pretty sure it's a stupid mistake... Could someone PM me?

    Edit: thanks @TazWake & @EvilT0r13 , found my stupid mistake!

  • edited May 6

    Spoiler Removed

    ++++++++++++++++++++++++++++++++++++++++++++++++++

    Str0ng3erG3ek

    +respect me if I helped you :}

  • Absolutely hate @MrR3boot 's boxes and this one also.
    Literally every step is hard
    Spending hours in guessing game, cracking unusual hash and figuring out that it is someone else's changed password.
    It's like if you thinking "no, it cant be this way" - it is definitely this way.
    Rooted couple of days back, with a lot of help, thanks everyone for it.
  • Hi,I can't find username for login page.I try all of names from main page and client page and about page and combinations but non of them works,any help would be appreciated

  • edited May 6

    rooted! Awesome box - probably the one i've enjoyed most!
    Awesome work putting this one together.

  • rooted first impression is awesome
    if anyone stuck DM for hints

    0zxyx

  • Epic box @MrR3boot, loved every part of it ;)
    Open for nudges.

    TIP: Script everything.


    Check out my blog
    Always happy to help! but please consider dropping some respect. ^^

  • What a fun. Someone deleted id_rsa which cost me a lot of time....

  • can anyone give me a hint for root, I'm sitting here with a ssh connection as s****m and am sure I'm missing something obvious

  • I have find creds to connect to login.php, but I'm stuck there, I know there is something in t****t.php but I'm not getting it, some help would b great

Sign In to comment.