Rooted, more an easy one but great box, thanks for the ride @ChefByzen
From user 2 to root, itās pretty funny how the vuln works.
any hints on root part ???
@offs3cg33k said:
any hints on root part ???
The only thing you need to know is stay at home, itās covid time after all, always better to stay at home and read some book
Type your comment> @sparkla said:
@TazWake said:
In theory, the release arena is unique to you - other people cant be hammering it.
Thatās what I thoughtā¦ still Iām getting āunable to connectā¦ā by gobuster and āconnection timeoutā by Firefox. Itās works in between and I can see the ānewsā, then drops dead again. Reset the Release Arena box but it didnāt change.@ChefByzen said:
Maybe bruteforcing isnāt the way to go hereā¦
And I wrote āIām doing bruteforcingā exactly where?
Except you call nmap, Nikto or gobuster bruteforcingā¦I did read about F2B, so maybe itās āintendedā - but usually the āFailā means failing on a login attempt not 404s.
Iām not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.
If F2B isnāt enough of a hint, you definitely do not need any sort of bruteforcing/fuzzing for initial foothold.
This one is all about the basics IMO.
Rooted. Very very Easy machine.
My hints-
For Foothold: Just look for CVE and try it.
For User 1: Enum on the landing root dir. R0ckYou will rock you.
For User 2: User1 and User2 are very good friends. They share everything.
For User 3: Stay Home and play hide & seek. Google all the way will land you on a good article.
PM for a little bit cryptic nuggets.
@ChefByzen Thanks for the cool machine.
Pwned. Great Box. Got stuck unnecessarily at first user, just because I was overlooking.
Thanks @ChefByzen
connection refused
Type your comment> @scorpion4347 said:
connection refused
Are you bruteforcing something you ought not to be?
yaa
anyone got a nudge for user 2?? been stuck for a long time now
Rootedā¦ pm for nudges
Type your comment> @soraa said:
anyone got a nudge for user 2?? been stuck for a long time now
If you got User 1 already, then you need to be in-home and check all the files.
Type your comment> @soraa said:
anyone got a nudge for user 2?? been stuck for a long time now
Dont look far. Just right infront of you
Type your comment> @gunroot said:
Type your comment> @soraa said:
anyone got a nudge for user 2?? been stuck for a long time now
If you got User 1 already, then you need to be in-home and check all the files.
oh wow i got it thx !!!
@kaungmyatmin said:
Type your comment> @soraa said:anyone got a nudge for user 2?? been stuck for a long time now
Dont look far. Just right infront of you
TYSM
I have got user1. But canāt find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
Type your comment> @gs4l said:
I have got user1. But canāt find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
no, wrong path ā¦ it is way more easy
Type your comment> @Oxeeql said:
Type your comment> @gs4l said:
I have got user1. But canāt find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
no, wrong path ā¦ it is way more easy
Thanks . Was so easy that I completely overlooked it. Got it now