I have found both files in a****-**r, but I haven’t found that login page that everyone keeps talking about. I have tried several wordlists with dirbuster and nothing…
There must be something really obvious that I am not seeing… Can someone please give a hint?
Check back on your enumeration again. Consider what you got from both the files and what other services you have found. Work from there and you can figure out indirectly the path to the login page. DM me if you still really can’t find it.
Finally rooted and finished this task. This is really an interesting box for easy because it is less about exploits but more about how you enumerate, the attention to details and of course, to break out of your tunnel vision too. A lot of red herrings to mislead you but if you have a proper methodology or you keep really good enumeration notes, this will really help you. Like how this trains us to enumerate more than to exploit.
User: Difficulty of foothold depends on if you know a specific tool related to databases. The machine name is a big hint.
Thanks for this hint @flipflop139874 I never would have gotten the page without this!
This is definitely the most challenging “easy” box I’ve encountered on here, can’t say I agree with calling this an easy box. Nevertheless thanks for making a great box, I definitely learned A LOT…
User was pretty difficult for me… just enumerate and enumerate… to get on the box, I had to learn a new technique which was pretty cool actually
Plenty of tips on here, but when you figure out what you need to do for root, remember to try all different payloads… some won’t work, some will but not correctly, but eventually you’ll get the right one as long as you try all of them
Foothold: This is not like other easy boxes. You have to stop and think a little about each breadcrumb that is given to you, not a whole lot but just a little. My advice is to do what you normally do and INCREMENT LOGICALLY to the next step(s). If I tell any more I will spoil it.
User: Once you find it then it is just google fu. Again don’t be like me and waste time by underestimating the difficulty of this box, it really is that complex but still pretty simple.
Root: OK so now you are finally on the box, if this is your first Linux box check out GTFOBins. Else, just do what you would normally do and you should eventually find the combination of steps. Also think about directories that admins always have access to when you realize what must be done. I really hope this is not a spoiler.
PM later on this morning if you have any questions. This was definitely not an easy box. A good box, but certainly not easy. I am going to sleep now lol.
FOOTHOLD: dirsearch (-l -f -w), connect to the right port, enum and dirsearch again (search the login page…)
USER: CVE, a rogue server could help you…with the right “filelist” path…and check the log file…
ROOT: spy processes and tasks, and find the right “path”… to the right script…
Tried to hydra the login page, but it seems it cannot identify the access denied text, so it returns all false positives.
Does hydra not work with this page?
Yes, it does. But it’s a rabbit hole… you must find another way to log in on this page. Search the version of the application, and call your “best” friend.
guys! is this vulnerable to p*** h**a****g??
edit: oh never mind just rooted it
root@admirer:~# id
uid=0(root) gid=0(root) groups=0(root)
okay here’s some hint!
user: enumerate my friends enumerate it! if your tools don’t work switch to another tool and make sure to read the manual if you cannot get it research the tool like “insert tool here” tutorial on google! oh right if your wordlist doesn’t work hey don’t stick to it oh short it first for a nice satisfaction! if you find it google your way in!
notes: to tell you the truth I’m cursing at my tools during this time… and it makes me wanna throw my laptop for how slow it is in enumerating…
root: enumeration tool for the win! oh but sometimes the dangerous is sometimes our best friend!
notes: oh the root! well it’s not that hard once you know the proper input but if you’re a noob like me it takes ages to just find the proper syntax! ■■■■ it!
That box gave me a really hard time, I was really frustrated about the wordlists thing but when I found the one I thought that actually kinda made sense… At least if you use Kali and look at all the wordlists, there is one that might stick out a bit. I wonder though how some people got it that fast on the first blood, considering it took me around that much time just to find the good wordlist lol.
The root part wasn’t hard to understand but to get all the pieces together (including the syntax) was a nightmare. I actually don’t even know why some options just don’t work even though they’re in the manual… ?
Anyway, interesting and challenging box overall, thanks @polarbearer and @GibParadox !
Oh boy, the initial foothold was a mess for me. I tried so many things but got back to the basics and expanded on them. I now know how important it is to really know your standard enum tools :).
foothold: enum tools (!), after that, pay attention to what you get. The name of the box can lead you in the right direction
user: Google
root: if you know what is being run by who, you’ll get it