@acidbat said:
Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?
Find the answer to your question?
@htbprctc334 said:
@acidbat said:
Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?
Find the answer to your question?
Not yet - could be a rabbit or something I haven't figured out yet
This was an awesome box! Everything you need is right in front of you, though you may need to dig deeper.
I did have an issue with one of the services. For some reason, it was returning an error, but after a reset, the problem was fixed.
If you need a hint feel free to PM me.
Really great box @helich0pper!
@acidbat said:
@htbprctc334 said:
@acidbat said:
Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?
Find the answer to your question?
Not yet - could be a rabbit or something I haven't figured out yet
rabbit it is
@acidbat said:
Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?
I just added it for a more immersive experience:)
@helich0pper said:
@acidbat said:
Do I need to bypass the IP Address Ban message that I see on the page or is it a rabbit hole?
I just added it for a more immersive experience:)
Cheeky - Nice work
Just a tip so people don't lose a few hours like me: when it's time to "pretend", during the initial foothold phase, you might have to reset the box to make it work. Someone might have done something that makes it impossible for you to pretend to be your target.
Might be a bit cryptic but I don't want to spoil.
rooted. really fun box with a nice progression through the various steps, thanks @helich0pper!
PM if you need a nudge.
Awesome box! Your enumeration has to be on point. I enjoyed the last part a lot; the process of setting everything up properly after figuring out what was going on was very satisfying. Thank you @helich0pper
(this is my first Hard box, and I'm finding it a heckuva jump from Medium...!)
Can I request some help with the foothold, please? I'm using Burp, and a well documented technique to read files I shouldn't be able to read, but I'm struggling to identify the right file to read.
For example, I've read the contents of db.scriptinglanguage (which, I assume, means my technique is working?), but when I use that same technique to read the files in the scriptinglanguage folder itself, I don't see the amount of "scripty stuff" in those files that I expected to see.
EDIT: well, this is just embarrassing... thanks to @camk, I've now realised my initial recon of the box was lacking. Not sure how I managed to screw up that step, but lesson learned - "check your basics, Paddanada!"...
Just rooted the box; it took 4 days to complete. While doing this box I felt like I was working on a real-world target. No brute force, no guesswork... You must see everything in a technical way.
To solve this box... you must understand the application flow.
Enumeration is the key...
Thank you @helich0pper
After spending a fair bit of time on this box, it's clearly going to require more skills than I currently have. For all of you who have finished it and have the OSCP cert, would you say this is the kind of box that one should expect to find on that exam?
Hey,
I've been working on root but I'm currently stuck.
I've seen what's inside K, and have been trying to read the content of that one table through several means but no luck so far. Is it what I'm supposed to do or am I missing something?
Thanks!
Is RCE on some web site the intended way? Got a low-priv shell with that.
@mach1ne said:
Is RCE on some web site the intended way? Got a low-priv shell with that.
I went this way as well. Now I know there may have been a shorter way with better enumeration, but I have learned some interesting stuff this way too.
I have learned to count from 1 to 4 and was able to find an interesting key, which doesn't seem to fit in any hole... I would be glad for a nudge.
Edit: rooted
Well, despite my faltering start, I've completed the box!
The very last step was a bit of a guess inspired by an old Stack Overflow thread, and a helpful error message from the chef. I found this box to be very worthwhile to persevere with as there are so many facets to it - good stuff, @helich0pper!
Thanks again to @camk for picking me up after I fell at the first hurdle.
Can someone help me a bit in DM, please? I'm trying to get root, I've found an encryption key and something to decrypt with it, which gets me something that looks almost like a password, but has some binary content at the end, so I can't decode it as text. Am I on the right path, or totally off maybe?
@RummyExpress said:
Can someone help me a bit in DM, please? I'm trying to get root, I've found an encryption key and something to decrypt with it, which gets me something that looks almost like a password, but has some binary content at the end, so I can't decode it as text. Am I on the right path, or totally off maybe?
Try different modes