Official Unbalanced Discussion

Got into mgr and enumerated more hosts; one seems to be acting differently than the others. Still wondering if the CVE for s**id is a rabbit hole or not? Found a PoC but haven’t gotten it to work yet.

@axxer said:

So I’m on a web page but I don’t have any creds except the one password we used to get info about this page. Any nudges will be appreciated.

Same here. This is my first Hard Machine :tongue: :neutral:

It was an interesting experience, learnt a lot on this box.

Got user :neutral:

Hint: don’t get stuck on rabbit holes like I did. If you tried everything that you can, take a step back and think about what you are doing. How is the architecture designed? How does it work? How does that compare to what you have?

Research every piece of info that you get, especially from the locations that everyone is mentioning here. There is a way in.

User is the only hard part in this box.
For root, just read what you have and find an exploit; there is MSF available for this.

Amazing box!!!
User was tough - lots of enumeration. I got stuck at some little things. Thanks @Caracal

LOL I hit enter before I finished…
Thanks also @lmakonem.
Root was easier. Just google when you find it.

Found the suspicious one but it’s hard to find an exploitable vuln with such a small surface… will continue tomorrow.

Challenging box. As is often the case, lots of enumeration is needed.

I had to install some new tooling to read the things I recovered but after that, it flows a bit more naturally. You have a lot of information but if you focus on things which relate to your enumeration, you can minimise the data overload.

Remember the mantra "dump creds, crack creds, use creds" - if you ever find creds, use them.

From there you can find a clue by what is missing. Probe for it and see what happens.

After that you find a fairly traditional attack. It just takes forever to complete to get to user.

Privesc is potentially easy but you absolutely need to fully understand (and modify) the attack you are using.

Rooted !!!
Thanks for all help and hints.

If someone could nudge me in the right direction on how to access that manager, I’d be very thankful. Already found the unsafe rule but stuck with a deny. Also tried using that tool.

Edit: Figured out where I was going wrong thanks to @amplex !

Finally rooted!
Thanks for the box @polarbearer & @GibParadox.
If anyone needs help, contact me :slight_smile:

Nice! I got stuck in a couple of places during foothold but managed to trust my instinct and persevere. As mentioned before, each piece of information is important to get to the next step. Follow the paper trail. Pay attention to what is NOT there.

If you need a nudge, let me know.

Happy Hacking!

Rooted!
Thanks to @bdadoo for the nudge. PM if you need a nudge.

Spoiler Removed

Just found the hidden space… fun box so far

Finally rooted.

Thanks to @MariaB, @AidynSkullz and @TazWake

Got a password but don’t see the login page everybody is talking about. Could anyone please PM?

Getting the user was pretty cool.
Excellent box, I learned a lot of new things! :smiley: