Official Academy Discussion

@hashtagdeg said:
Someone give me a nudge please.
I changed a param with Burp, and it took me to a special page. Through that page I saw source code error messages and some important information, but I don’t know what I should do next. Thx.

Try to find out more about what you see :wink:

@LiamKRP said:

Can someone help me with the initial foothold? I got into the “secret” page and saw some interesting info, researched some things and tried some exploits with no luck.

Could someone pm me pls?

You’re on the right track.
You either need to dig further, or check the exploits’ params :wink:

Nice box! Very funny especially the part of the second user! Congrats @egre55 and @mrb3n !

PM if anyone needs a nudge.

@panicfox said:

Would someone be able to nudge me? I know where I need to change a value to escalate my privilege on the website but I have no idea how to go about finding the correct value to use, nor how to properly enumerate. I tried Burp Intruder but only received a bunch of errors.

I’m also curious as to whether the site should look broken? None of the links I click work correctly, not even logout. I have no idea if it’s intentional or not.

If u have already escalated ur privilege on the website then maybe u should try to search for some other portal for logging in as a privileged user

i get root but flag is error

Rooted. For some reason, I did not notice the first step for foothold for quite an embarrassing amount of time. Sometimes it helps to go very slow at the start of your investigation and examine everything carefully. It’s so dead obvious, you cannot miss it… I guess I was expecting something to be found at a later step. It really is easier than anything I have seen before on here so I guess I didn’t expect it to be there. A good lesson in being thorough I guess.
The rest of the box flowed fairly quickly and did not require any brute force or scanning. Everything can be done with off the shelf tools and this box really did feel easy for once. Nice box to get me back in the mode after a couple month break, I enjoyed it!

Spoiler Removed

Wow, web apps are really not my thing. Using the bodily function program on the second login page but whichever of the 3 parameters I change does nothing, am I being stupid?

Could anyone please PM me hint for user?

I’m going crazy looking for a needle in the haystack on the root path. Can anyone give me a hint by PM?
Thanks in advance!

PS: Rooted. Thanks to everyone who helped me! :slight_smile:

Rooted, simple and straightforward. Has anyone done it without ms**? I’m interested to discuss. I had troubles with some libraries.

Rooted, feel free to PM for a hint but be prepared to tell me what you’ve tried

Got 2nd user. It has a privilege to read smth special, but needs lots of greps. People write above that it can be done without greps and lesses. I suppose it is a useful util or command to be aware of. So if anybody is aware of it, DM me pls!

@MRwatch0xff That’s what I am trying to do for two days now, but nothing :frowning:

stuck on Ll ms***. session not created. Is my TA****U** not correct?

@Alexmackzie said:

stuck on Ll ms***. session not created. Is my TA****U** not correct?

I’ve tried that as well, got the same issue.

@alphaomega said:

@Alexmackzie said:

stuck on Ll ms***. session not created. Is my TA****U** not correct?

I’ve tried that as well, got the same issue.

Got it!
It needs something else thrown into it

Did someone change the fcking user flag?

@petrostheol said:

Did someone change the fcking user flag?

The flags change on every reboot.

@alphaomega said:

@Alexmackzie said:

stuck on Ll ms***. session not created. Is my TA****U** not correct?

I’ve tried that as well, got the same issue.

I am still stuck on this as well…any hints appreciated ^^

Edit: Got it!! Thanks

I am still stuck on this as well…any hints appreciated ^^

You are probably missing one of the parameters of the exploit, try googling the one you are not using