Admirer

And root !!!
To my surprise root was not difficult, maybe because I already dealt with something similar.
Hint for root:
Think how to trick a snake in a library.

PM me if you need help.

Finally got root. I clearly missed something important in the beginning and I’m not sure why I overlooked it for hours on end. Weird.
Many thanks to the ones who gave me a push in the right direction.

And, of course, thanks to the creators of this box.
(Not sure if I would rate it easy though, but enough said about that)

That was painful. Thanks to @roumy and @ixxelles for hints.

PM me if stuck.

I could use a gentle nudge :slight_smile: I have fuzzed my way to a credentials.txt but I can't wrap my head around how to get it so I can read it. I have also dirb***** a lot but couldn't find the login page. Any advice is welcome.

Could use a hint with the foothold here. Can't seem to find this login page. I think I have most of the other pieces.

edit: rooted.

def takes a lot of patience to properly enumerate everything, can't rush through it for user part.
For root I needed to get some hints but overall not too crazy.

DM me for help.

which wordlists you guys use?

@CI9HER said:

> which wordlists you guys use?

There are many wordlists available as BIGbang.

guys, a help please.
anybody who has rooted the box… pm me

finally rooted.
Honestly, this box should be rated as medium at least.
thx @ixxelles for putting me back on the right track

Great box, all those users and passwords were a little bit confusing, but still more fun than swearing. After all it has great educational value.
DM if you're stuck

Would you kindly stop DDoSing the box, yes?? Slow down

I am working on root. There is something silly I must be missing. I have modified library/module. Can someone DM me to let me know if I am on the right track or not?

What a well done box. I’ve really enjoyed this one, I don’t understand why such a low rating. So my two cents:

foothold: basic web enumeration you should always do. read what is written.
user: read the sauce. it's a backup, may be a bit late - what may the developer have done since then?
root: basic privesc enum you should always do. if you're lost and have no idea what to do, give yourself some time and read some material on privilege escalation on Linux machines. It will be clear soon.

And as always, don’t forget what’s the name of the box.

Great box. Enjoyed even the frustrating bits. Much respect to @TazWake for the help. If you need assistance, I guess I can help. Cheers.

Rooted,

Pm for nudges :slight_smile:

Just rooted

Thanks to @ixxelles and @apalooza for the nudges, helped get past the wall I was hitting.

Overall pretty dope box. The initial foothold definitely seemed the hardest. Root was super cool and definitely taught me something new.

PM me for help

Rooted. If anyone needs help, feel free to DM.

Just rooted the box. It was a brutal journey and I must say I kinda hated it for an easy box.

The initial foothold, the enumeration was fun - piecing together all the clues and avoiding the rabbit holes, but hated the mysql config part and all the issues I ran into. Thanks to @T13nn3s for the comment here and the hint about the char limit.

Running a few scripts showed me what to do for the root part. Even though it is pretty straightforward I struggled to get the reverse shell. There are a few articles that describe this, but everything needs to be tweaked and I definitely learnt something new about sudo here.

Can I pm someone to talk about getting user? I am kind of stuck on command target?

I have found both files in a****-**r, but I haven’t found that login page that everyone keeps talking about. I have tried several wordlists with dirbuster and nothing…
There must be something really obvious that I am not seeing… Can someone please give a hint?