Tough box, espacally of the few rabbit holes and also the p**g command does not work, so i always thought my in**tion does not work. The user part i have glady seen bevor on another box in the past. The Root part was also not too easy for me couse i thought i have to use open***. But finally got it If anyone need help, just pm me.
hey guys. can anyone give me a nudge, or brief explanation about how that service on port 3*** works? I solved it with tips, however how can someone find that logic of the service in the first place? any help is appreciated:)
hey guys. can anyone give me a nudge, or brief explanation about how that service on port 3*** works? I solved it with tips, however how can someone find that logic of the service in the first place? any help is appreciated:)
Look at how it was started and you will find why you get the information you got
Hi guys, I want to get a reverse shell using the ci** parameter. I used a command that worked for a friend, but it has been impossible for some time to use it, both for me and for him… I get this error: “ Lua error: /usr/local/webapi/weather.lua:49: attempt to call a nil value”
Hi guys, I want to get a reverse shell using the ci** parameter. I used a command that worked for a friend, but it has been impossible for some time to use it, both for me and for him… I get this error: “ Lua error: /usr/local/webapi/weather.lua:49: attempt to call a nil value”
When something doesn’t work that should work, try resetting the machine.
Well, that was a pretty difficult “easy” box, but really only because it uses software most people, including myself, are not familiar with.
The hardest parts for me were foothold and user. But, the information is all there, there is really very little guesswork or brute forcing.
Foothold: Do basic enumeration and play around with what you find. If you cause an error to occur, you’re getting warmer. Learn about the technology behind it and remember that before you can say something new, you have to finish what you were saying before
User: This stumped me for a while, but all of the hints are there, really. Enumerate and you will find something that’s not available from the outside. Forget trying the same thing as before, it won’t work. Also, consider that while the name of the program looks very familiar, it is actually something different. Study the manpage and what every option does and you will find the way forward.
Root: Stay where you are, you will not have to look very far. Everything you need is right there. Just remember everything is just a bit different than you’re used to.
sheesh that box kicked my ■■■■… I’d been feeling quite confident after doing Lab and Tenet in recent weeks, but I seemed to blunder my way through this one.
A fortunate typo helped with one thing , and then Google’s “Searches related to…” steered me in the right direction for root.
just rooted, great box indeed! learned some new things. One of the things I liked the most about this box was that the things you needed to root it were pretty well spread out - and what seemed to be red herrings were not if you could connect the dots. I think the biggest thing I learned (besides the OS) are how to be very meticulous about documenting your enumeration.
foothold
this one is a bit tricky and very easy to miss, and i would argue the most frustrating part.
your recon needs to be very extensive. Think of going beyond default options in your own tools and well-known wordlists, but also think of default options in the target. It’s a combination of exploiting info disclosure (from the app - both high and low ports), exhaustive and recursive web recon and learning a little bit of moon language.
user
very fun and reminded me of the old school way my university would sometimes serve documents - sometimes in someone else’s home. Also reminded me of some lectures in sys admin classes about some file that is very sensitive to web servers. Loot away! Use this in conjunction with some of the info from your foothold recon stage. Some one mentioned something about a squigly. I like to think of this as blindly grabbing a snack out of a vending machine once your arm is in deep enough that you cant see it - but if you more or less know how the snacks are organized, you know what you’ll be getting
root
this one was extremely interesting and i am wondering if anyone did it “offline” (if you did, please PM me). Once you are in as user, pillage away. Find the secret and invoke the power in the way this box likes to be talked to.
Sorry for any potential spoilers. I tried to be as metaphorical as possible, but this box really challenges you to piece it all together. Very fun!