@offs3cg33k said:
any hints on root part ???
The only thing you need to know is stay at home, it’s covid time after all, always better to stay at home and read some book
@offs3cg33k said:
any hints on root part ???
The only thing you need to know is stay at home, it’s covid time after all, always better to stay at home and read some book
Type your comment> @sparkla said:
@TazWake said:
In theory, the release arena is unique to you - other people cant be hammering it.
That’s what I thought… still I’m getting “unable to connect…” by gobuster and “connection timeout” by Firefox. It’s works in between and I can see the “news”, then drops dead again. Reset the Release Arena box but it didn’t change.@ChefByzen said:
Maybe bruteforcing isn’t the way to go here…
And I wrote “I’m doing bruteforcing” exactly where?
Except you call nmap, Nikto or gobuster bruteforcing…I did read about F2B, so maybe it’s “intended” - but usually the “Fail” means failing on a login attempt not 404s.
I’m not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.
If F2B isn’t enough of a hint, you definitely do not need any sort of bruteforcing/fuzzing for initial foothold.
This one is all about the basics IMO.
Rooted. Very very Easy machine.
My hints-
For Foothold: Just look for CVE and try it.
For User 1: Enum on the landing root dir. R0ckYou will rock you.
For User 2: User1 and User2 are very good friends. They share everything.
For User 3: Stay Home and play hide & seek. Google all the way will land you on a good article.
PM for a little bit cryptic nuggets.
@ChefByzen Thanks for the cool machine.
Pwned. Great Box. Got stuck unnecessarily at first user, just because I was overlooking.
Thanks @ChefByzen
connection refused
Type your comment> @scorpion4347 said:
connection refused
Are you bruteforcing something you ought not to be?
yaa
anyone got a nudge for user 2?? been stuck for a long time now
Rooted… pm for nudges
Type your comment> @soraa said:
anyone got a nudge for user 2?? been stuck for a long time now
If you got User 1 already, then you need to be in-home and check all the files.
Type your comment> @soraa said:
anyone got a nudge for user 2?? been stuck for a long time now
Dont look far. Just right infront of you
Type your comment> @gunroot said:
Type your comment> @soraa said:
anyone got a nudge for user 2?? been stuck for a long time now
If you got User 1 already, then you need to be in-home and check all the files.
oh wow i got it thx !!!
@kaungmyatmin said:
Type your comment> @soraa said:anyone got a nudge for user 2?? been stuck for a long time now
Dont look far. Just right infront of you
TYSM
I have got user1. But can’t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
Type your comment> @gs4l said:
I have got user1. But can’t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
no, wrong path … it is way more easy
Type your comment> @Oxeeql said:
Type your comment> @gs4l said:
I have got user1. But can’t find a way to user2. I have read the above comments. Found a keygs directory in .loc***re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
no, wrong path … it is way more easy
Thanks . Was so easy that I completely overlooked it. Got it now
root@passage:~# id
uid=0(root) gid=0(root) groups=0(root)
root@passage:~# whoami
root
Fun box, pm for nudges
Rooted thx @N0xi0us for your help at the root part.
Shell easy af, just google
User 1: look for juicy info files
User2: Its right there, but can be missed
root: Again, its right there, think about the covid comment and stay at home, the interesting part can be missed as well, but after googling you might know it when you see it.
Delete if it contains to Spoilers