Official Academy Discussion

@el0uid said:

So, I found the secret a**** area. Found the MSF l****** exploit and set VHOST to dev--**-..*** . After running the exploit, the output in Burp is a 500 UnexpectedValueException . Can anyone point me in the right direction?

Are you pushing the attack through burp rather than at the server directly via MSF?

If you are using MSF, don’t forget the key matters.

@TazWake said:

@el0uid said:

So, I found the secret a**** area. Found the MSF l****** exploit and set VHOST to dev--**-..*** . After running the exploit, the output in Burp is a 500 UnexpectedValueException . Can anyone point me in the right direction?

Are you pushing the attack through burp rather than at the server directly via MSF?

If you are using MSF, don’t forget the key matters.

Okay, I’m dumb LOL … I found the key.

So I think I’m really stupid here. I got a shell and spent so much time, almost 3 days, trying to get a user flag using enumeration that everyone is talking about but really couldn’t! I used Linux enumeration script l*np**s.sh and it got me so many files and I almost looked into all of them with nothing! I know I’m a beginner so I think I’m missing something fundamental here?

I found so many passwords that are default ones and tried them all on the box and mysql and ssh but no luck. Something is definitely wrong with me.

If anybody is willing to help I would appreciate it.

I really need a push with user1 and user2. I am clueless.
Nudge plz.

@nnahnnoud said:

So I think I’m really stupid here. I got a shell and spent so much time, almost 3 days, trying to get a user flag using enumeration that everyone is talking about but really couldn’t! I used Linux enumeration script l*np**s.sh and it got me so many files and I almost looked into all of them with nothing! I know I’m a beginner so I think I’m missing something fundamental here?

I found so many passwords that are default ones and tried them all on the box and mysql and ssh but no luck. Something is definitely wrong with me.

If anybody is willing to help I would appreciate it.

Most scripts won’t find it because it isn’t in human-readable form. In Linux lots of things get logged by auditing tools. If you can find something which captured someone else doing what you want to do, this might be useful.

@cypher0x1 said:

I really need a push with user1 and user2. I am clueless.
Nudge plz.

In Linux lots of things get logged by auditing tools. If you can find something which captured someone else doing what you want to do, this might be useful.

Just finished the machine, it was very nice and learned a lot!

If you need some nudges write me!

Is anyone having issues with the box today? My SSH sessions and M*****ole sessions work initially but stop responding after 20 seconds.

Anyone having issues with the website?
Loads fine prior to account creation - but as soon as I log on the whole thing goes to a grinding halt …
This is on Kali - Firefox
Chromium works better but I would like to use burp-suite (which seems to be on firefox only - unless I am mistaken?)

@acidbat said:

Chromium works better but I would like to use burp-suite (which seems to be on firefox only - unless I am mistaken?)

Burp runs as a proxy, so you just need to configure whatever browser’s proxy settings to route the traffic through burp’s proxy.

Unless I am misunderstanding.

@svenkali said:

@acidbat said:

Chromium works better but I would like to use burp-suite (which seems to be on firefox only - unless I am mistaken?)

Burp runs as a proxy, so you just need to configure whatever browser’s proxy settings to route the traffic through burp’s proxy.

Good point :smile: - Thank you :smiley:

Nice box rooted

Enumeration is the key

Hi all, have managed to get a foothold and shell, struggling with how to get to user1, any nudges? Have run enumeration script but not sure what I’m looking for.

nvm rooted

# whoami && hostname
root
academy

Anyone able to DM and help on getting user1? I’ve had this shell for several hours and know the area I’m supposed to be looking in but I haven’t found a single thing in the wealth of files.

@AlexMages said:

Anyone able to DM and help on getting user1? I’ve had this shell for several hours and know the area I’m supposed to be looking in but I haven’t found a single thing in the wealth of files.

I never mind people sending me DMs. The short answer, however, is that you’ve probably overlooked a file in a folder where you landed.

I keep seeing people talking of password reuse for user 1. I found an interesting looking password not far from the initial foothold. But it doesn’t work for any of the users with login shells. nudge pls.

@back2hack said:

I keep seeing people talking of password reuse for user 1. I found an interesting looking password not far from the initial foothold. But it doesn’t work for any of the users with login shells.

Are you sure you can’t switch into any of the users with what you’ve found?

Rooted, not an easy box IMO, every step besides foothold and root is just using grep and ls in just the right way, although root was a pleasant surprise and only took a minute or two.