Admirer

Interstellar OST… seriously though? lol

Hello! I need some help! I found the login page and I’m trying to do the known exploit, but I’m getting “MySQL has gone away”. Am I on the right path or is it just another rabbit hole?

Finally, after 2 days, rooted the box. The initial foothold is very hard; if you have done this before, surely it won’t be as hard. For the root, it was supposed to be hard but some people didn’t delete their payload. Overall a great box by @GibParadox and @polarbearer but my experience gets ruined by this kind of people. (Note: thanks for the Interstellar and the shoutout to my favorite show.)

Hint for Foothold:
You can try manually from the tips on this discussion or you can use tools like dirbuster and such, just mind the thread and the wordlist.

Hint for User:
If you get into here just google fu and try everything you find. Don’t forget to set the account privileges on your machine.

Hint for Root:
Try to find your way around to see what has been provided to you or shown to you and just read the forum, I guess.

Hi, I managed to find the h***.t**.g* file, but I don’t know what I am supposed to do now. Maybe someone can give me a small hint. Thank you!

@Konstant said:

rooted
box is easy, but with a lot of nuances.
If u making it for points in the night and hope to make it quick, just like me - forget about this, u will be delve into all rabbit holes, checking everything before realize that u need persistence for this one.
Main vuln is very cool, root looks unrealistic scenario for me, but I’m not very familiar with it.
Thanks for the box @polarbearer and @GibParadox, I don’t get why rating so low…

Glad you liked it.

I think “Easy” and “Fast” are often mistaken…
In my opinion, easy means you don’t need any advanced skills to complete the box.
Fast, well… you know.

I guess that’s what caused the frustration that ended up in bad ratings…
Something to keep in mind, I suppose

That’s one tough “easy box”, got foothold, working in user now. I can’t find this login page but I’m sure it associates with a******db? Nudges would be great!

Finding the login page… any way other than fuzzing?

Learned something about FUZZING, python and linux :wink:

Rooted. Good box pm me if you want a nudge. Tell me what you’ve tried because I won’t nudge people who haven’t tried yet.

Rooted. Thanks for the box @polarbearer and @GibParadox. This was a good reminder to pay close attention to all the information and don’t assume anything.

Learnt some new stuff along the way and thanks to those that provided me with nudges, respect given. If anyone wants a nudge, tell me what you have tried and happy to help.

Anyone can help with root? :neutral: I know the idea but cannot make it happen.

Rooted! That was quite the ride. Thank you @polarbearer and @GibParadox for the great learning experience. Fun way to get root.

A bit of grit needed for this one for sure, research what you have to find the way forward.

I rooted it, but I was doing a write-up so that I can post it when the box retires. Guess what, fuzzing this box again is a pain in the a*s.

■■■ just got root :blush:
PM if you need help :wink:

@b3nn said:

So no one’s gonna talk about The Big Bang Theory references?
Was wondering about that; but where is Sh*****? Haven’t found him.

root@admirer:~# whoami && id && hostname -a
whoami && id && hostname -a
root
uid=0(root) gid=0(root) groups=0(root)
Got root and understood how exploit r****my*******. works.
Thanks to @bertalting and @knuijsting for not letting me drown in the sea of rabbit holes.

Hey, still stuck on that machine…

I found the uti****-S***** and then the ad**-*k but I’m thinking this may be a rabbit hole. can someone confirm?

And what am I supposed to find by fuzzing? I’ve been fuzzing for like a week with no result :frowning:

Hello, I have trouble with lol.xml. When I load that file, it says "Error in query (7890): Can’t find file 'app/etc/lol.xml’. "

Guys, I tried dirbuster with the wordlists big.txt and common.txt on / and /a****-**r, but all files enumerated have response code 403. Can someone nudge me a hint?