Thanks for taking the time to answer that and thanks for voting to reset.
I hope enought people will do the same.
the trouble is when a machine gets compromised it becomes unstable and any test result becomes unerliable, let alone nau…
How do you guys reset this.
I have been waiting for a reset for a long time and the vote is 1 of 5 so far.
is that mean I will need to wait until other four vote on the reset?
I don't understand the sense behind this.
can't we get anyone in the mana…
Type your comment> @mechs85 said:
> Hmm, quick question for anyone who has found the a***n page: is the Browse/upload button meant to work?
Nice box overall. Sailed through initial foothold and then user pretty smoothly.
got stuck on root for a little while.
It happens when you overthink very basic stuff and go on a wild goose chase.
Initial foothold: pretty famous vulnerabili…
I have sent an invite for all those who have requested one already.
So new requests can't be fulfilled and requirement is closed for now.
Team management is now a priority over expansion.
Thanks for those who have shown interest.
Foothold was easy as long you are not lazy like me and that got me stuck for a while.
root part was quite interesting and tought me something new about AD and user's permissions. happy to give nudges if required.
this box is very interesting from start to finish.
Start of with an obsecure vulnerabilities that is somewhat hard to find.
However it is one of those OWASP top 10 but with some quirks that made it quite unique.
Thanks to those wh…
I managed to get the certificate working after a few tweaks.
Got to the private area but found no LF*. However I can't use any dirbusting tools due to the fact the box checks the cert for every request. a nudge in the right direction is appreciated.
a hint on how to escalate to user would be much appreciated.
I have been stuck there for a while, I found a hash and tried to crack but no luck.
I have the repo and been through it all the way but can't figure it out
The answer to the last question lies with dear john. but that dear john needs upgrading to his bigger brother, once you do, then the bigger brother will be able to handle the required hash format, and with little effort he will kindly give y…
I'm on my last hurdle, or so I believe.
I cracked the hashes and I got the (/root/s**.py not found) I have no idea what else is to manipulate given the fact that my test.py access permission permits execution only.
Any kind soul to give a nudge.
guys a bit of help needed please.
I was able to access the links to the web app exploitable interface included the action thingy. but can't anymore and I get 404 error code. can any body give a hint or can I DM somebody ?