@VbScrub thank you very much. Amazing box that requires various skills.
Would never call it easy, mostly because it covers many aspects of pentesting (enumeration, reversing, code reading, encryption)
Had real fun solving it
Hope it's not spoiler. It took me a while to find the correct libc
The correct package version for it is: libc-bin_2.23-0ubuntu9_amd64
It can also be found inside ubuntu-16.04.3-server-amd64.iso (That's how I found it)
I'm not sure if the author re…
What a fun box.
Thanks a lot to @Gioo & @Cneeliz for the journey
I learned a lot during the user stage
Root part was too simple imo
The need to reset the box every time the service crashes (and you know it will crash a lot) was a bit annoying …
Thanks a lot @Cyb3rb0b for such a nice box.
Got root using both lazy (Thanks @TsukiCTF for mentioning his repo. It actually took more than 5 minutes, but who counts :)) and the slow (intended? way)
Loved the slow way much better as it requires you t…
I wasn't frustrated that much because of all the information this forum already had.
There were couple of moments that I thought are too far fetched, but overall I think
it can happen in most real life scenarios when people reuse their…
Definitely need help advancing. I'm after login screen for about a week now :)
Got all the .php files, enumerated sqlite, no idea how to proceed.
Will appreciate any help.
Thanks to @Pilot51 for the help with getting the foot down.
First of all I have to thank @MrR3boot for creating such a challenging box.
I've had so many knowledge gaps during the research of the box that it took me
several discord chats and more than a week of research/frustration/little wins to actually
So I've read all the comments, enumerated vhosts, files (at least I think so), saw the error for a short time :), but still can't figure out how to proceed.
I'm pretty sure I'm missing some piece of information to advance.
Will appreciate a nudge.
Type your comment> @Ripc0rd said:
Ok, I actually took some time to explore and found out that hashcat expects a bit different format for the hash depending on type of encryption and whether certain feature was used.
See example hashes ht…
If you have only 1 hash then you're missing some information on how this app works.
Read about various ways and see how you can produce more than 1 hash.
When you have this you'll get the creds really quick
Type your comment> @tang0 said:
There's no b****h string in the binary, so whatever you're doing doesn't seem to be exploitable on remote side (because if you're doing what I think you're doing you don't know the right address of that st…
Just wanted to say thank you to @askar .
This was definitely not an easy box for me.
The user took me 2 days ( 4 hours each probably) and I was on the right page pretty fast.
During this time I learned a lot about PHP LFI/RCE and that nmap actuall…