Rooted this morning - root was very informative and i actually learned a new thing, new way to look for an exploit in windows systems, thanks @TRX
User was pretty easy - knew everything when i saw it, was nice though learned something on M--iaD-
User was extremely esay - for root i have no idea
i get access denied on everything im trying to enumerate - so far found out only the OS Version and its not exploitable through kernel stuff - so only manual exploit - I found a lead but it lead me …
One of the best machines I have done - loved the idea - got me to think of stuff differently learned a lot !
tips for user:
Think out side of the box - code doesn't have to be written in plain text ;)
tips for root:
Enumerate - after a w…
Rooted it yesterday - dunno what to tell you its basically a worthless machine - didn't learn anything.
Followed a CVE and then enumerated it to get root - that's it.
I also think its the best hint i can give you without spoiling
Rooted and hour ago or so :)
Liked it a lot ! Nice machine - i learned a thing or two ! and its really real life applicable !
Tips for user?
Cant really give any - its either you know about it or you dont.
Tips for root?
Meterpreter is your best …
Anyone has any hints for user ?
Enumerated a bit a found the user and password are getting base64 ecnoded while you have the ability to send money and you already know your ID - this way you could send money to users and confirm if they are exist…
No problem guys ! much appreciated !
Script was improved even more - now its generic to any login pages that uses Anti-CSRF Tokens !
I will make it into a BruteForce Framework i think and add offline hashing and more features soon !
Follow my git…
Rooted a few hours ago.
Respect for the maker of the CVE but I felt like he just made that machine to do
a publicity stunt for himself.
1. Think simple you dont have to "GET" what you need as soon as you enumerate all of the pages…