Official Passage Discussion

Rooted, more an easy one but great box, thanks for the ride @ChefByzen
From user 2 to root, itā€™s pretty funny how the vuln works.

any hints on root part ???

@offs3cg33k said:

any hints on root part ???

The only thing you need to know is stay at home, itā€™s covid time after all, always better to stay at home and read some book :wink:

Type your comment> @sparkla said:

@TazWake said:
In theory, the release arena is unique to you - other people cant be hammering it.
Thatā€™s what I thoughtā€¦ still Iā€™m getting ā€œunable to connectā€¦ā€ by gobuster and ā€œconnection timeoutā€ by Firefox. Itā€™s works in between and I can see the ā€œnewsā€, then drops dead again. Reset the Release Arena box but it didnā€™t change.

@ChefByzen said:
Maybe bruteforcing isnā€™t the way to go hereā€¦ :smile:
And I wrote ā€œIā€™m doing bruteforcingā€ exactly where? :smile:
Except you call nmap, Nikto or gobuster bruteforcingā€¦

I did read about F2B, so maybe itā€™s ā€œintendedā€ - but usually the ā€œFailā€ means failing on a login attempt not 404s.

Iā€™m not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.

If F2B isnā€™t enough of a hint, you definitely do not need any sort of bruteforcing/fuzzing for initial foothold.

This one is all about the basics IMO.

Rooted. Very very Easy machine.
My hints-

For Foothold: Just look for CVE and try it.
For User 1: Enum on the landing root dir. R0ckYou will rock you.
For User 2: User1 and User2 are very good friends. They share everything.
For User 3: Stay Home and play hide & seek. Google all the way will land you on a good article. :wink:

PM for a little bit cryptic nuggets.

@ChefByzen Thanks for the cool machine. :wink:

Pwned. Great Box. Got stuck unnecessarily at first user, just because I was overlooking.

Thanks @ChefByzen

connection refused

Type your comment> @scorpion4347 said:

connection refused

Are you bruteforcing something you ought not to be?

yaa

anyone got a nudge for user 2?? been stuck for a long time now :frowning:

Rootedā€¦ pm for nudges

@scorpion4347 said:
yaa

This box doesnt need bruteforce

Type your comment> @soraa said:

anyone got a nudge for user 2?? been stuck for a long time now :frowning:

If you got User 1 already, then you need to be in-home and check all the files. :slight_smile:

Type your comment> @soraa said:

anyone got a nudge for user 2?? been stuck for a long time now :frowning:

Dont look far. :slight_smile: Just right infront of you

Type your comment> @gunroot said:

Type your comment> @soraa said:

anyone got a nudge for user 2?? been stuck for a long time now :frowning:

If you got User 1 already, then you need to be in-home and check all the files. :slight_smile:

oh wow i got it thx !!!

@kaungmyatmin said:
Type your comment> @soraa said:

anyone got a nudge for user 2?? been stuck for a long time now :frowning:

Dont look far. :slight_smile: Just right infront of you

TYSM :slight_smile: :slight_smile:

I have got user1. But canā€™t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?

Type your comment> @gs4l said:

I have got user1. But canā€™t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?

no, wrong path ā€¦ it is way more easy :slight_smile:

Type your comment> @Oxeeql said:

Type your comment> @gs4l said:

I have got user1. But canā€™t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?

no, wrong path ā€¦ it is way more easy :slight_smile:

Thanks . Was so easy that I completely overlooked it. Got it now