Travel

@lebutter said:

Am I the only one who is trying to get a replica of the blog setup locally? The Simplepie stuff is NOT working in my case and I have no idea why… I’m feeding it the original same file, it’s pretty much 100% same code as from the server… yet it doesn’t display the travels.

You may lookup the error. A simple google quickly revealed for me what I was missing.

Hint: It was not directly related to Simplepie but m*******e - missing as a module. You also find hints to it in the “main” source file.

Good luck 🙂

Thanks… but I’m not using m****, I’m basically running the simplest version of it, I’ve got it down to pretty much the same as what they show on tutos… yet, it doesn’t query that feed file and doesn’t return anything. No error either. So far I’ve basically spent most of my time trying to create a freaking one page WordPress blog, this is driving me nuts.

Finally got it. I never managed to get my replica of the bl** working but that wasn’t completely necessary. This server was insane for me.

The foothold is definitely the hardest. Many times I thought I was going too much down a rabbit hole and thought myself thinking “this is too convoluted”, when buried into source code to my neck… which for me is tricky as I’m not a developer. I struggle to follow code in big code bases.

User and root are easier although not that straightforward as it relies on a service I hate.

Rooted it! The foothold was very, very hard, but very, very enjoyable! Thanks @xct and @jkr for this awesome box! Also thanks @Roinard and @anoNym1ty for the nudges!
If you need a small nudge, feel free to send me a PM!

Is anyone doing this box?

@all said:

Is anyone doing this box?

I was last night, got a bit stuck but planning on having another crack at it!

@JaXigt said:

@all said:

Is anyone doing this box?

I was last night, got a bit stuck but planning on having another crack at it!

OK, great. Looked through threads here and hints are too cryptic. My line of thought is perhaps there is something there in r** page and j**n *pi

@all said:

OK, great. Looked through threads here and hints are too cryptic. My line of thought is perhaps there is something there in r** page and j**n *pi

It kind of depends on where you are stuck. User is a lot harder than root here.

If you are looking for user - enumerate it a lot, find something, dump it and read it. By reading it you should get an idea about what is vulnerable in the code, then you can build an attack to exploit this. I found this step very hard with a lot of trial and error to get the right syntax.

Eventually, this gets you a foothold. More enumeration, find something which allows you to connect properly with a real shell and you can get user. Privesc is, compared to that, quite straightforward.

Tough, but awesome experience. Props to the makers. PM for nudges.

Hello, can someone give me a hint on the “basic enumeration” after the first shell. I found one password and some uncrackable password hashes. That’s basically it - I don’t know how to proceed from here.

Edit: Somehow hashcat did not work for me. I used john instead and it worked. Thanks @TazWake

@doxxos said:

Hello, can someone give me a hint on the “basic enumeration” after the first shell. I found one password and some uncrackable password hashes. That’s basically it - I don’t know how to proceed from here.

Have a look for other ones - maybe something someone backed up somewhere.

Would someone like to nudge me on foothold? I have enumerated directories and scanned several different ways.

@baitin said:

Would someone like to nudge me on foothold? I have enumerated directories and scanned several different ways.

Fuzz a lot. Find something which looks like a repo, download it. Read what it contains. Build an attack based on what it contains (and the source code to something it points to). Exploit it. Get a shell.

Would someone be so kind as to help me with the foothold? I’ve scanned all the sites, tried to look for files to download and found nothing. It’s probably obvious to others, but I have exhausted all I know.

@AzAxIaL said:

Would someone be so kind as to help me with the foothold? I’ve scanned all the sites, tried to look for files to download and found nothing. It’s probably obvious to others, but I have exhausted all I know.

Fuzz around a bit. I know it sucks but “try harder” when it comes to looking for files to download.

Could use a nudge for foothold → user. Feeling insane since people are saying it’s “simple enumeration” compared to the last part.

Found the second credential in b*****---****.**l, cracked it, no idea where to use it.

Edit: I was missing something fairly obvious. Thanks @TazWake for clearing it up 🙂

Thanks

@imkilgor said:

Could use a nudge for foothold → user. Feeling insane since people are saying it’s “simple enumeration” compared to the last part.

Found the second credential in b*****---****.**l, cracked it, no idea where to use it.

Thanks

Have a look at what ports are open which are commonly used to allow people to log into systems.

@TazWake said:
Have a look at what ports are open which are commonly used to allow people to log into systems.

But it’s pubkey only?

@imkilgor said:

@TazWake said:
Have a look at what ports are open which are commonly used to allow people to log into systems.

But it’s pubkey only?

How sure of that are you? If you have the username and password, you need to double-check that.

Man this box is INSANE! I have been trying for I do not know how long and finally have user now lol