Admirer

Finally rooted this machine! Took me little longer than usual but it was quite worth it I’ve learnt a few things I’ll probably never forget.
Special thanks to @polarbearer and @GibParadox for this cool machine.

Awesome machine, thanks to @polarbearer and @GibParadox for so awesome challenge. Really don’t know why a lot of people point that this one is a CTF machine, scenarios like this one happen in the real world. I think that the only problem is that the machine is not an “easy” one (or at least not for me), this focusing in the amount of enumeration needed to get the initial foothold

My hints:

User

  • Use that word without abbreviating it
  • Try to access that
  • It’s not about him, it’s about you

Root

  • Read about the powerup and the cobra features

Hope I am not spoiling the machine, if is that, remove the post

Really nice and fun box, learned a lot of new stuff!
PM me if you need a nudge.

can someone pm me with a nudge ?
i am stuck with the login page
i grabbed every file i found and tried every password but i always get “Access denied”

@SohaibSEG said:
can someone pm me with a nudge ?
i am stuck with the login page
i grabbed every file i found and tried every password but i always get “Access denied”
thanks everybody i got user
moving towards root

that’s the hardest “easy machine” after forest!!! Struggling on root…
I think it involves “W” command, but I’m not completely sure.

Anyone willing to give a nudge for the login page? Attempted bruteforcing using fuzzed info, attempting the vulnerability but getting 'Connection refused" :frowning:

Hi, I have found the h***.***.*z file but am struggling where to go from here. Can someone give me a nudge please.

Type your comment> @WireInTheGhost said:

Hi, I have found the h***.***.*z file but am struggling where to go from here. Can someone give me a nudge please.

Analyze what you have seen and start fuzzing again as this box recommends most enumeration skill.

@g1g4 said:
Anyone willing to give a nudge for the login page? Attempted bruteforcing using fuzzed info, attempting the vulnerability but getting 'Connection refused" :frowning:

Configure the environment properly.

@SohaibSEG said:

@SohaibSEG said:
can someone pm me with a nudge ?
i am stuck with the login page
i grabbed every file i found and tried every password but i always get “Access denied”
thanks everybody i got user
moving towards root

rooted with help of stackoverflow XD

Finally managed root on this thanks for the nudges @vicio and @LateComerz. Sometimes these easy boxes are not so easy, but it’s not that they are technically complicated, it’s just that I don’t know the tricks, yet. But that’s why we are hear right to learn? So if a similar box rolls around, I’ll have a few more tricks in my arsenal. I liked this box.

Can someone PM me some nudges on root? I’ve found the thing you get from basic enum once you’re on the box, but I’m not well-versed enough in snake language to understand how to go from there to root.

EDIT: Rooted. Figured it out on my own after looking up how things work wrt the intended attack vector. Very fun box, great for OSCP practice. I’d consider it more of a Medium box than easy.

First part of this box is absolutely terrible, lots of enumeration. Root part is cool.

Can someone explain me how to choose a wordlist over another? When should I choose this wordlist over another one.

root@admirer:/home/waldo# id
id
uid=0(root) gid=0(root) groups=0(root)

what a ride… Learned some new stuff, box defo harder than any of the other easy rated boxes i’ve completed.

Finally rooted!! Every time you feel you got there and now just have to jump and grab… NOO… It won’t work! Something has to be changed! :wink:

Great box! Loved it because this box teaches you to look at every aspect. As @GibParadox said in page 9, attention to detail is crucial!

Though had a weird problem on reverse shell for root! Could not figure out why!

Thanks @EvilT0r13 and @murderfalcon. Thanks to the makers…

Feel free to PM if need help!

@Y0urM4m4 said:

Can someone explain me how to choose a wordlist over another? When should I choose this wordlist over another one.

I usually start with a smaller “big” one, and then extend to a pretty large one, if I don’t get the desired results. If neither of them worked, I resort to start using random ones, in the hope to at least find something :smiley:

Hello guys,

I’m looking for the path to root… I’m a bit lost with the stories of cobra features, power up, snakelife, king options… I found nothing on google.
Can someone PM me a link or be more explicit? :slight_smile:

Thank you!

Hello.
It seems, I need a help.
I’ve found the login page of A*** tool , but creds I have don’t work, login without pass doesn’t allow me to enter, and the exploit I’ve found with google asks some credentials. Hint me, please, what vulnerability I should to use. Or, may be, I am at wrong way?