Three days and no further forward with the foothold on this box. I’ve heeded the comments but am clearly missing something obvious.
Any help would be greatly appreciated.
Enumeration matters. If you fuzz around you can get initial access. Then google-fu can help you find the information you need to turn that initial contact into something more useful.
So, I had to leave this box and come back to it because it kept getting reset. I’ve gotten to the deployment of my r****** s****, but it doesn’t seem to be getting uploaded correctly or to the correct directory. The dashboard is confusing as ■■■■.
Got my foothold but im stuck on getting my first user. Reading through the hints here it seems i should have enum’d through something useful to get user by now, but im kinda stumped here. A nudge would be greatly appreciated
Im stupid. It really was something that i should have enumerated on my way to foothold. On my way to second user now
Rooted!
id
uid=0(root) gid=0(root) groups=0(root)```
Learned alot as this was just my third box, and Im looking forward to doing more. Took me forever to get it, but all the hints are here already.
Hi, I saw the exploit author YouTube video, tried, but I fail. Then saw a exploit from the cms and it had many exploit injection, tried but I am always landing back to login page. Am I missing something?
This is a really fun box, despite being stuck on the foothold for 3 days.
Foothold: there’s another hidden service somewhere.
User part 1: you need to get a flu jab.
User part 2: look in the cache and you shall find your treasure.
Root: ride on the blue whale and run away.
Yey! I rooted it, and even manage to extract tables and all info myself manually, fun box frustrating because of initail foothold if you like me with little to zero experience in this stuff.