Curious as to what the root was all about as it doesn’t really make sense to me the format in which I found it? Anyone got any ideas then let me know!
Other than that, amazing box, ripped me to shreds the last 3 days, even considered going outside at one point. Cheers! Open for help if anyone needs it but I’m having a beer and a pizza now.
Finally rooted it. @MrR3boot thanks for the pain. @nicoswd thanks for not letting me give up at user1 > user2 even though I tried about 6 times. What a ride. Encoding is important.
Potential typo in j**.*hp? Logged in as s**, and it’s very clear what to do (if it is a typo); however, the script does a chmod on a j** directory that doesn’t exist? Trying to be vague but please PM for details… Let me know if a typo or if I need to look elsewhere…
USVIP7, if that makes a difference.
Looks like a typo, yes. You can still exploit it, though
Hey all. I need help with the initial foothold. I found the service running on that por***.q****.h**
and also found a tool which can be used to access that particular service. But I’m encountering an error while installing,
like this: "could not find static ‘cry**o’". Can anyone help me out?
PM me
Got root! Hardest box I’ve ever done, shaken me to my very core and nearly quit hacking. But it was very well written and worth the own! Very eye opening.
PM me when the pain is too much and you’ve tried everything lol
You need to do two tasks for each step. I try to give you some hints although it is really hard to give hints without spoiling the box.
Edit or delete the comment if it spoils the box.
Initial foothold:
Nmap supports different protocols for scanning. You can find some port numbers which work on different protocols. Find it and google for the appropriate tool.
Pick your smartphone up and look at your gmail inbox, you haven’t received all emails from gmail users, right?
User1:
Always know what you request and what you get in return. Burpsuite is always your friend.
User2:
Oh ■■■■! It’s really amazing, just read, and think out of the box. If you are not good at programming, hmmmm it’s ok, you can find another way to get into the page. Just Think Out Of The Box.
If you are not good at PHP, hmmm you would be in pain
Root:
There is nothing to say, just stay at home and read everything you see.
I struggled hard with this box but in reply to all the messages here’s my two cents of hints:
Foothold: yes, you’re on the right track. It’s meant to be like that.
User: Not sure how to hint this one without giving too much away, previous forum posts have mentioned this plenty of times. lmk if you need sanity checking… Amazing user flag so you’ll feel better if you get this on your own.
Second user: I figured this out the hard way. Don’t bother wasting time experimenting and testing…just actually exploit it, but don’t go too far. Thank me later. Thanks to @nicoswd for that one.
Root: Standard enumeration - with all the terrible things happening in the news, it’s safer to just stay at home and hack ■■■■.
Feel like I am missing something easy and could use a nudge. I have the first password and I feel like I’m just sitting here playing guess the email, what am I missing? I have tried generating a bunch of potential things based on clues in other pages.
It is a bit of “guess the email” but this is pretty much the crux of enumeration. There is enough information available on the various bits you have access to, so that you can “guess” the email you need.
However, it might be better to use the information to create a wordlist then try a password spray attack.
I have access to the login creds and t******.php, but I need help with my payload. I can get commands to execute (from what I can tell), but I can’t get anything useful to run successfully.
I’m still stuck guessing a valid username after taking these steps. I tried a lot of combinations. Any more hints?