Admirer

@SohaibSEG said:
can someone pm me with a nudge ?
i am stuck with the login page
i grabbed every file i found and tried every password but i always get ā€œAccess deniedā€
thanks everybody i got user
moving towards root

thatā€™s the hardest ā€œeasy machineā€ after forest!!! Struggling on rootā€¦
I think it involves ā€œWā€ command, but Iā€™m not completely sure.

Anyone willing to give a nudge for the login page? Attempted bruteforcing using fuzzed info, attempting the vulnerability but getting 'Connection refused" :frowning:

Hi, I have found the h***.***.*z file but am struggling where to go from here. Can someone give me a nudge please.

Type your comment> @WireInTheGhost said:

Hi, I have found the h***.***.*z file but am struggling where to go from here. Can someone give me a nudge please.

Analyze what you have seen and start fuzzing again as this box recommends most enumeration skill.

@g1g4 said:
Anyone willing to give a nudge for the login page? Attempted bruteforcing using fuzzed info, attempting the vulnerability but getting 'Connection refused" :frowning:

Configure the environment properly.

@SohaibSEG said:

@SohaibSEG said:
can someone pm me with a nudge ?
i am stuck with the login page
i grabbed every file i found and tried every password but i always get ā€œAccess deniedā€
thanks everybody i got user
moving towards root

rooted with help of stackoverflow XD

Finally managed root on this thanks for the nudges @vicio and @LateComerz. Sometimes these easy boxes are not so easy, but itā€™s not that they are technically complicated, itā€™s just that I donā€™t know the tricks, yet. But thatā€™s why we are hear right to learn? So if a similar box rolls around, Iā€™ll have a few more tricks in my arsenal. I liked this box.

Can someone PM me some nudges on root? Iā€™ve found the thing you get from basic enum once youā€™re on the box, but Iā€™m not well-versed enough in snake language to understand how to go from there to root.

EDIT: Rooted. Figured it out on my own after looking up how things work wrt the intended attack vector. Very fun box, great for OSCP practice. Iā€™d consider it more of a Medium box than easy.

First part of this box is absolutely terrible, lots of enumeration. Root part is cool.

Can someone explain me how to choose a wordlist over another? When should I choose this wordlist over another one.

root@admirer:/home/waldo# id
id
uid=0(root) gid=0(root) groups=0(root)

what a rideā€¦ Learned some new stuff, box defo harder than any of the other easy rated boxes iā€™ve completed.

Finally rooted!! Every time you feel you got there and now just have to jump and grabā€¦ NOOā€¦ It wonā€™t work! Something has to be changed! :wink:

Great box! Loved it because this box teaches you to look at every aspect. As @GibParadox said in page 9, attention to detail is crucial!

Though had a weird problem on reverse shell for root! Could not figure out why!

Thanks @EvilT0r13 and @murderfalcon. Thanks to the makersā€¦

Feel free to PM if need help!

@Y0urM4m4 said:

Can someone explain me how to choose a wordlist over another? When should I choose this wordlist over another one.

I usually start with a smaller ā€œbigā€ one, and then extend to a pretty large one, if I donā€™t get the desired results. If neither of them worked, I resort to start using random ones, in the hope to at least find something :smiley:

Hello guys,

Iā€™m looking for the path to rootā€¦ Iā€™m a bit lost with the stories of cobra features, power up, snakelife, king optionsā€¦ I found nothing on google.
Can someone PM me a link or be more explicit? :slight_smile:

Thank you!

Hello.
It seems, I need a help.
Iā€™ve found the login page of A*** tool , but creds I have donā€™t work, login without pass doesnā€™t allow me to enter, and the exploit Iā€™ve found with google asks some credentials. Hint me, please, what vulnerability I should to use. Or, may be, I am at wrong way?

Type your comment> @0ddM0d3 said:

Hello.
It seems, I need a help.
Iā€™ve found the login page of A*** tool , but creds I have donā€™t work, login without pass doesnā€™t allow me to enter, and the exploit Iā€™ve found with google asks some credentials. Hint me, please, what vulnerability I should to use. Or, may be, I am at wrong way?

Keep asking google, you are on the right path.

I managed to use the vulnerability in a****** to connect to my own m**** server. My guess is that I need to perform an S** command in a****** to retrieve some local data, but nothing seems to come out. Would someone be able to help or am I looking in the wrong direction?

Edit: Solved it!

Got now user on this box. Thanks @CurioCT for the nudge. Now on to root.

This box is not easy. I would rate it as a relatively hard medium.

Regarding the enumeration step where you need to be using a specific wordlist, I assume someone has put out a pull request for seclists by now right? (half joking, half serious)

Happy to give hints to anyone whoā€™s stuck, PM me