Rooted. Fun box!
Once you find the login page, consider the name of the box. This will allow you to get some creds. You will likely need to write your own script. You don't need to guess.
Rooted, thanks @gall0ws for nudges. Fun box, difficult but doable. Good work @thek. Am curious if this can be exploited to get root shell or just read the flag? I did the latter. EDIT: nvm, I wasn't looking closely enough.
Enumeration leads y…
So I've successfully created a R*P attack to get user, and have the Root Password. But it doesn't let me use it to ssh into root. Am I going about this wrong?
Edit: Got it.
Go through the very useful Ellingson writeup (https://0xrick.github.…
Got the salt and pass, unsure how to proceed with these? Trying to brute force with hashcat but looks like it's going to take a while... I'm assuming there has to be a better way? Please DM if you can offer a hint.
Was able to get user shell and see the vulnerability right in front of me, but am unsure how to exploit it. Any nudges?
Will be hanging out on: webchat.freenode.net channel: lacasadepapel or DM me please