gs4l

About

Username
gs4l
Joined
Visits
501
Last Active
Roles
Member

Comments

  • The foothold was so simple that it made me self doubt my skills
  • I can read files, was able to find the directory of the webserver and read the co**ig files, got creds to m***l. From this point, I can't find a way forward to create a reverse shell. Nor I can find anything to ssh. I've tried everything I know but …
  • Rooted! I was stuck at the beta page and got help to find the creds. I understood what that page does but cannot understand how did we figure out to put THAT URL there and that it will give out the cr**s. Could someone who completely understands ho…
  • Type your comment> @dragonista said: (Quote) Thanks mate, I was blindly just uploading the zip file for rce. Looked at the contents in the zip and got an idea and it worked. Just got user Edit: got root ... not sure whether the root part wa…
  • Got rce but none of the rev shell one liners seems to be working for me. Also can't find any wget or curl to upload files on the box. Any nudges?
  • Hi Can't seem to understand the way to foothold. I used gobuster multiple times, didn't find anything useful. Analyzed all the requests, not found anything. Searched for vulns for the nginx version, did not find anything useful. Cannot find any cred…
  • Working on root I found some files names ha*****e and re*****y numbered from 0 to 7. The files contained some hashes. Is this the right track because there are plenty of hashes and will take time to crack. If not, could anyone give a nudge in the ri…
  • How did we come to know that the creds should be used to login via s**? I used the creds in the page which was mentioned there and then got stuck.
  • Could someone explain why the foothold works the way it works?
  • I discovered a .sh***p file in the downloaded archive. However when opening it in browser it gives a blank page and with curl I get a 404. It's a rabbit hole I guess, or is it not?
  • Type your comment> @Limpskinz said: (Quote) There is no need of dirbuster to get the shell. Just read everything on the webpage and use google.
  • Type your comment> @MillyBilligan said: (Quote) How did you decrypt the creds of n*v, I was only able to decrypt pl's creds.
  • Can someone help me, I can't find the file which contains the info to foothold. I had downloaded all the files from the rsync, the day this box was released. Went through each of them for the 5th time now but can't find anything useful. Maybe I don…
  • Type your comment> @H4FN said: (Quote) If you store your password encrypted in a file, would you let anyone to decrypt it? 😉
  • Rooted!! This box is like way easy in the beginning to almost a bit hard in the end. Thanks @N0xi0us for the nudge in the end. Feel free to dm for hints 🙂
  • Type your comment> @Oxeeql said: (Quote) Thanks . Was so easy that I completely overlooked it. Got it now
  • I have got user1. But can't find a way to user2. I have read the above comments. Found a key***gs directory in .loc******re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
  • Spoiler Removed
  • Rooted finally!! A super educational box. Thanks @purplenavi for the help. Anyone feel free to DM 🙂
  • I am able to upload certain files from the service page (except image files) but I cannot find where the file is uploaded. Can someone give a nudge..
  • Type your comment> @M1sha said: (Quote) Enum enum enum and PrivEsc, then go back to the files
  • Type your comment> @wooly13 said: (Quote) Same happened with me but after installing hexdump the script worked without any errors.
  • Rooted!! By the way, how did everyone came to the conclusion to use the S******T script here? Someone gave me a hint to use that script. I found the foothold tough as I was unaware about the script and was not able to get much info from the box ini…
  • Found the login page but cant find the password. I guess n****n is the username? Any nudges on password?
  • I found something which looked like a username: aj******o and @aj**n. Are these the creds everyone is talking about? Found this inside the R****E.txt file. These doesn't seem to work for me, any hints?
  • I got the encrypted files, tried decrypting using en**s and it prompts for a password. I don't know the password and am unable to find it. Can anyone provide a hint. Thanks!!
  • Spoiler Removed
    in Fatty Comment by gs4l February 2020
  • Spent a few hours fixing the java client. Now I have it running but can't figure out what to do next. Can anyone lend me some hints...
    in Fatty Comment by gs4l February 2020
Avatar

Howdy, Stranger!

Click here to create an account.