@Andross said:
I used cewl to generate a few credentials. I don’t know if thats enough nor would I know to go from there if it wasn’t. An help/hints? I know there were several hints previously
The user is a default and the password is on the first page of the site.Try to put them all in lowercase and uppercase, do your tests.
get user access <<===========================
step 1: try web access
step 2: look behind the… DOM
step 3: Get the hint u find from step 2.
step 4: Goto to this… hint
step 5: check known vulns on this & metasploit is a great help here (search for this very Xploit)… u will and up with a clue, of what u need to find… more hints: well, a username : password !
step 6: Well, the username is so… common (u can also find it inside some… paths… ). The pass need a little guessing. Hint: It is in front on your eyes if start reading the challenge from the… very beginning.
step 7: Found them?.. Congratz! Now use them in msf on tha corresponding Xploit… just to get meterpreter, shell, etc…
step 8: get the flah of user.txt n go for # baby!
g0t r00t? <<===========================
What you need here is just to run one simple command that is very common when u perform enumerations… and yeS yoU shoulD knOw it! one more parameter is need on it
Then… follow your heart or make some lemonade (as a friend above suggested) .
Hint: just put in this file what u need to know…
I’m still having problems getting the root flag. I’ve tried numerous commands, but I’m probably doing something wrong. It either times out or some other reason.
@Vex20k said:
I’m still having problems getting the root flag. I’ve tried numerous commands, but I’m probably doing something wrong. It either times out or some other reason.
Like many have suggested, enumeration of the box is really really handy in this case. There is a magic sentence somewhere in there:D