Poison

@@Thiseas Grats man! It was so hard, and so easy…after off course :slight_smile:
Keep it up!

@Thiseas thats what Im talkin’ about. Good job. See, you just have to read the man pages. I know the feeling when you read it and boom. You get it. Up for the new boxes/challenges!

Is this box getting continually messed with or something?

Ive extracted the file, found the “suspicious” service, done some “digging” and even tried to use the secret file in another way besides reading it. Half the time the relevant ports arent open, and when they are they change numbers

do i need to redownload secret.zip each time? I was able to get it all to work but even then i didnt have any privileges. Ever since then, doing the exact same things, i get either “too many tries” or “error 111” which is when the ports arent open or just auth failed.

can someone pm me a small hint on what to do if i can get connected again?

you know whats sad is that I havent even been able to escalate from www to charix! haha. much less to root! Ive been on this box for at least 8 hours a week for a month.

i got vnc screen but still what to hit… no idea… need just hint… if anybody can PM.

Hi guys, I downloaded the zip file to my pc, I don’t know the password, I heard I shouldn’t bruteforce it, and I tried passwords such as poison, charix and charix’ password.

Any hint/help?
THanks in advance!

try one of those things again, but make sure you’re typing it right

@JohnVanBoxtel said:
Hi guys, I downloaded the zip file to my pc, I don’t know the password, I heard I shouldn’t bruteforce it, and I tried passwords such as poison, charix and charix’ password.

Any hint/help?
THanks in advance!

Try to open it in your local box… using what @granadm1 suggested.

@Djinn45SQL99 said:
you know whats sad is that I havent even been able to escalate from www to charix! haha. much less to root! Ive been on this box for at least 8 hours a week for a month.

B coolz my friend & don’t blame your self… Just try to take advantage of the 1st vulnerability u find by examining specific files contents that can give both info…
Hint: u need to explore more than one file to get all cred/s.

Rooted this a while back. PM me if you need a nudge. :slight_smile:

when i try to connect server but i always got “gray screen”
anyone can help me for this issue?

thanks

Just rooted this thing. took me 10 min for user and a day for root. If you need any help PM me

@bergabman said:
This link was already posted before, but I drop it in again. Read it. But the most important, understand it. Understand how it works together, and also how the components work. You have to understand the services to see the next step. And I mean it. Dont just think you know how it works, but know it. Maybe you know how the general usage of the services, but do you know all the options they have? Know it how it can work and what are the possible options. When you get that, the picture will be complete. https://www.cl.cam.ac.uk/research/dtg/attarchive/vnc/sshvnc.html

Thanks for this post, the crux of how to get root is within the page.

Can someone PM real quick reguarding PrivEsc. Want to check my thinking/logic

Rooted - Pretty good box - took some research and a nudge but nothing crazy.

what do i need to look up in order to escalate from www user to charix. There is nothing in the forums about it which makes me think that I’m down a rabbit hole

how are you people getting user c###ix? does everybody get a rev shell with user www and then priv esc to c###ix?

@Djinn45SQL99 said:
what do i need to look up in order to escalate from www user to charix. There is nothing in the forums about it which makes me think that I’m down a rabbit hole

hahaha mate did you really get your way in with the LFI ? you deserve the hint: while playing with the LFI’d script try to enumerate the names of all the files you can see within the directory

for those who ask about how to find the username?
Guys… basic LFI lesson: What is the file that first check when u find an LFI vuln???
…well more hint? OK… take it: LMGTFY - Let Me Google That For You

Spoiler Removed - Arrexel