Quick

Rooted, overall the user1 → user2 part maybe is the best thing on the box.

For user1. there are too many hints on some posts here the exact tool is mentioned, user2, i made it with a small bash script, it’s easy just think about it, possibly you can do it even without scripting anything.

Root, as mentioned before stay at home :slight_smile:

Feel free to drop me a message I’ll be happy to assist as always.

Type your comment> @zaphoxx said:

i accessed the documents and retrieved some juice content. but i havent been able to use that on the login page. also tried to access other place but with no luck. can someone give me a nudge on what to look into?

PM me if still stuck

Can someone please explain me in PM, why am I getting these strange erros??
10.10.10.186 - - [03/May/2020 13:43:22] code 404, message File not found

I am going crazy…

need a sanity check regarding user. I am logged in know about the e*****e exploits. I also think I have the correct input point. however it doesnt seem to work. could someone pm me and I will share in more detail what I am trying to do. thanks

Rooted.
These are my tips:
foothold: ALWAYS launch 2 nmap, one for one side and one for the other side.
user: pay attention to that fu**ing “ltd”
1->2: use nc and while loops to understand what is happening
root: read, read, read, read… yes, that strange string is the way

Thanks sooo much to @cof123 and @Selcius for the nudges.

Trying to get user2, p**** request gets “Can’t connect to the p******”.
It works again after reset but only for a few minutes…
Is it intended …?

Type your comment> @juanpablito said:

Trying to get user2, p**** request gets “Can’t connect to the p******”.
It works again after reset but only for a few minutes…
Is it intended …?

Read the source might help :slight_smile:

Hi, also trying to get user2, I have tried numerous exploits with the ce, looked at every tt and found some causing “5**” errors which indicate "ce". Is user2 got from p***.q****.h** or q****.h**. Would love a PM to help…

removed

Dont restart box come onnn do you know how hard is to get shell … I’ve just got shell and then you restart it

Type your comment> @Dzsanosz said:

Can someone please explain me in PM, why am I getting these strange erros??
10.10.10.186 - - [03/May/2020 13:43:22] code 404, message File not found

I am going crazy…

What is the next line? What is it trying to get? Does the URL asked exist? If no, modify the coming request on the fly :slight_smile:

Type your comment> @Solarstorm said:

Type your comment> @juanpablito said:

Trying to get user2, p**** request gets “Can’t connect to the p******”.
It works again after reset but only for a few minutes…
Is it intended …?

Read the source might help :slight_smile:

Thanks,

I confirm, and I can add “Read CAREFULLY that source”, all the methodology is in !

Terrible machine ,i got only user and now i cannot even repeat it again .
All the time errors ,all the time resets.
The only positive thing was in the beginning where we had to update smt to access the site ,after that i spent more time fighting the other people resets and changes instead of working on the machine itself .
i wanted to continue on with the movement , unfortunately not possible : (

Type your comment> @MariaB said:

Terrible machine ,i got only user and now i cannot even repeat it again .
All the time errors ,all the time resets.
The only positive thing was in the beginning where we had to update smt to access the site ,after that i spent more time fighting the other people resets and changes instead of working on the machine itself .
i wanted to continue on with the movement , unfortunately not possible : (

In the end it’s worth it, try to automate things :slight_smile:

Rooted! Thank GOD!!!

Finally took user. needed to automate the process due to instability.
@maaaaaa , @doxxos Thanks for the nudge!

Rooted! Thanks @nasri136TH for the nudge :wink:

Nice box but I wasted a sh*t ton of time on user1 → user2 escalation as the command that I first sent wiped clean the file I wanted to read… And it is possible to do that with all the files that belong to user2.

Anyway, a part from that nice box especially the foothold and user!

My hint for root: Don’t go too far away from home, and enum scripts did not help me. There is no need to exploit anything, just find it and try it.

Finally rooted !! what a machine it is !!!

@MrR3boot said:

Hey, If you are getting Error Retrieving URL its intended behavior. Please try to understand what’s going on the box. I’m sure you feel so stupid after knowing why it did.

One of the things I love about your boxes is how often I feel stupid in the process of trying to root them.

I think I am stuck on this right now but I have some ideas on how to progress (not asking for hints yet). I dont know if I am imagining it but port seems to matter and when a request is messed up, it messes lots of things up.

EDITED: Yeah, my plan worked - still not 100% sure. Now I am convinced I can see the path I need to follow but I cant get the commands to work in the shell.

This is a fun box - thanks @MrR3boot !

EDIT 2: Solved. I was just stupid.

Hey, I’m stuck on using the juice from the documents. Tried a looooot of combinations but got nowhere. Pretty sure it’s a stupid mistake… Could someone PM me?

Edit: thanks @TazWake & @EvilT0r13 , found my stupid mistake!