Multimaster

could someone dm regarding escalation to user1->use2 tried to exploit ce with c****g.exe but no execution.

hey guys i feel so stupied right now, i dont know if it’s because i dont sleep for a day or what but I got c******g but there is no .exe and the documentation says it needs .exe,
I got to manage the rest because I used someones .exe that was already on the machine but it got reset so i lost it ;_;

Hello guys, so I downloaded C*****g.exe and put it in the machine but it doesnt run it gives a error on line 1 when i exec, I know this is a way because i got it running once with other .exe that was already on the machine, buti cant with mine.

I would appreciate some help because i need to do this until friday, its for university :cold_sweat:

So I think the machine is broken :smiley: I try ne*** with the s****e and i tryed all that are off and it doesn´t work and i know its throw there, i tryed with the two ways that I know.
Any Help??

Type your comment> @sparkla said:

Requesting assistance. Got the 3 of 4 passwords (and an idea how I’m supposed to get password nr. 4) but I’m stuck now. Tried every trick up my sleeve, unsure how to continue from here. Happy for a little nudge.

The last user to get/use is jn, did you getit? After this → WinP and ss man*t.

Type your comment> @sparkla said:

Type your comment> @choupit0 said:

Type your comment> @sparkla said:

Requesting assistance. Got the 3 of 4 passwords (and an idea how I’m supposed to get password nr. 4) but I’m stuck now. Tried every trick up my sleeve, unsure how to continue from here. Happy for a little nudge.

The last user to get/use is jn, did you getit? After this → WinP and ss man*t.

It seems I did not yet find this user, also I was sure I found all of them.

Another guy already helped me in PM, but thanks again! If I can’t find it, I’ll call again :wink:

:wink: You must find this third “roas*” user…

Can someone please help with user? I was able to create a user list based on the web app but i am not sure how to bypass the WAF, please give me pointers

I know what i need to do but i dont know how to do it, please give me some help

Rooted ! Need help ? Msg me on twitter @NeerajK85400479
or Msg me on Discord icoNic#0097

Arrexel

After more days Rooted!!!
I’m very happy and thank to my friends that gave me some input :wink:

Very interesting box

can someone explain what is going on with that waf, it returns results in one req and null on that same req after couple tries of other payloads, i thought there should be no lockouts on the boxes ?

Rooted. That was intense. The foothold was a killer. user2->user3 was annoying, as I had the correct files right in front of me, but missed it for a couple of days due to not using the right commands to view them. That was a ‘duh’ moment when I finally figured it out.

Thank you @MinatoTW and @egre55 for an amazing machine. This one felt very “realistic” in terms of the steps it took to get to root. All along the way I never felt like “oh, this is just contrived for the challenge”.

Edit: I forgot to add, thanks to @MariaB for the link on bypassing the WAF. Much appreciated, it was exactly what I needed.

i’ve attempted to progress on that box twice, and twice i am blocked with the same madness around the identifies stuff… it is all inconsistent. One function gives me and id, then in the other direction the other function returns nothing for that id. The domain ID are different and inconsistent, depending on how i retrieve them. When i convert them myself, bit by bit, the length is inconsistent.
Oh, and for users, the domain id is also a new different one… nothing makes sense with all of that.

EDIT: sort of got it… i don’t know why but by randomly trying alternative functions i finally have something consistent.

Finally rooted that beast… I’ll be very curious to see @VbScrub write-up on this one as on two areas i’m not very clear with what i saw, first, the *ids, which came in all sort of length, sometimes not consistent with one another, as i said in my previous post, then I’m surprised that the hound gave me different results depending on the ingestor used, and both actually missed the vulnerability in my case although i understand from the hints that they do find it for many people.

Hey. Im struggling with WAF bypass. Could someone send me a link about bypassing WAF?

@turb said:

Hey. Im struggling with WAF bypass. Could someone send me a link about bypassing WAF?

If you google what you are trying to do there are some very good articles on this. Start with TrustFoundry but there are other good articles. It is a very common bypass technique, it just needs some tweaks to work.

Type your comment> @TazWake said:

If you google what you are trying to do there are some very good articles on this. Start with TrustFoundry but there are other good articles. It is a very common bypass technique, it just needs some tweaks to work.

I just got one step forward. Thank you both @TazWake and @MariaB

Just rooted need help? msg me

Arrexel

First tell me your problem and if you like my help give +1

Since I have lots of time waiting for loot to drip character by character I might as well ask here - is it even useful to enum database? It’s probably 10th hour or so and I am at 9/17. Will I get 18 this way or is it waste of time?

Finally rooted, it’s a machine driving me crazy. Can’t do that without @TazWake , also thanks to @n33r47 for a nudge. DM me if anyone need a nudge.

So i finally did it.
This is indeed a huge behemoth of learning experience.
Again, thanks to @TazWake for nudges and sanity checks.
I have nothing to add to the hints already given here, so i will not deep dive into every single step.
The only suggestion i can give is: take your time, don’t forget to consider every single detail while enumerating the machine but be careful because there’s the risk of fallint into a huge rabbithole…