Admirer

which wordlists you guys use?

Type your comment> @CI9HER said:

which wordlists you guys use?

There are many wordlists available as BIGbang.

guys, a help please.
anybody who has rooted the box… pm me

finally rooted.
Honestly, this box should be rated as medium at least.
thx @ixxelles for putting me back on the right track

Great box, all those users and passwords were a little bit confusing, but still more fun than swearing. After all it has great educational value.
dm if you stuck

Would you kindly stop DDoSing the box, yes?? Slow down

I am working on root. There is something silly I must be missing. I have modified library/module. Can someone dm me to let me know if I am on right track or not?

What a well done box. I’ve really enjoyed this one, I don’t understand why such a low rating. So my two cents:

foothold: basic web enumeration you should always do. read what is written.
user: read the sauce. it’s a backup, may be a bit late - what may have the developer done since then?
root: basic privesc enum you should always do. if you’re lost and have no idea what to do, give yourself a time and read some privilege escalation on Linux machine on the topic. It will be clear soon.

And as always, don’t forget what’s the name of the box.

Great box. Enjoyed even the frustrating bits. Much respect to @TazWake for the help. If you need assistance, I guess I can help. Cheers.

Rooted,

Pm for nudges :slight_smile:

Just rooted

Thanks to @ixxelles and @apalooza for the nudges, helped get past the wall I was hitting.

Overall pretty dope box. The initial foothold definitely seemed the hardest. Root was super cool and definitely taught me something new.

PM me for help

Rooted. If anyone needs help. feel free to DM.

Just rooted the box. It was a brutal journey and i must say i kinda hated it for an easy box.

The initial foothold, the enumeration was fun - piecing together all the clues and avoiding the rabbit holes, but hated the mysql config part and all the issues I ran into. Thanks to @T13nn3s for the comment here and the hint about the char limit.

Running a few scripts showed me what to do for the root part. Even though it is pretty straightforward I struggled to get the reverse shell. There are a few articles that describe this, but everything needs to be tweaked and I definitely learnt something new about sudo here.

Can I pm someone to talk about getting user? I am kind of stuck on command target?

I have found both files in a****-**r, but I haven’t found that login page that everyone keeps talking about. I have tried several wordlists with dirbuster and nothing…
There must be something really obvious that I am not seeing… Can someone please give a hint?

Type your comment> @Dr0g0n said:

I have found both files in a****-**r, but I haven’t found that login page that everyone keeps talking about. I have tried several wordlists with dirbuster and nothing…
There must be something really obvious that I am not seeing… Can someone please give a hint?

Check back on your enumeration again. Consider what you got from both the files and what other services have you found. Work from there and you can figure out indirectly the path to the login page. DM me if you still really can’t find it

Spoiler Removed

Finally rooted and finished this task. This is really an interesting box for easy because it is less about exploits but more about how you enumerate, the attention to details and of course, to break out of your tunnel vision too. A lot of red herrings to mislead you but if you have a proper methodology or you keep really good enumeration notes, this will really help you. Like how this trains us to enumerate more than to exploit.

Thank you @polarbearer and @GibParadox for making this.

Awesome box,

Thank you @polarbearer & @GibParadox for creating this fun experience.
Really enjoyed the foothold.
Root was a journey too

Cheers @polarbearer & @GibParadox. A tricky box, learnt a lot. That initial Enum was tough (for a newb like me)!

Also cheers to @L0J0 for the nudge towards the initial login page.

My priv to root didn’t have anything to do with b*****.py so I’m curious to know how that worked if anyone is keen to DM me and swap approaches?