Enumerated ports, services, site, etc. Read docs. Got SN*. Still unable to login. Site seems to hang after inputting credentials :confused:

Can any point me in the right direction? I have an interactive shell and have modified the b** config. I havent been able to capture the traffic locally and havent been able to forward the traffic to my box.

I think I almost have rotting this figured out. Could someone give me a hand? I am b** h******** and seeing an f** 3-way handshake, but no data.

EDIT: Nevermind- rooted. Be wary of poor network conditions.

Nevermind- rooted. Be wary of poor network conditions.

Hey all, I’ve been able to log into the web page with the correct credentials, and I am working with burp suite for the RCE. I’ve found Check=******* that people have mentioned but I am unsure of where to go from here. Any help would be appreciated. Feel free to DM. Still trying to get that user.txt.

anyone up to help me out with b** h******** portion? I’d like to get some feedback on my approach. I have owned system already just not sure how or why

Gotaccess to web app, cant seem to figure out changing the parameter to execute rce. Do you need to modify both the Name and value or simply the value of Ch***? Feel free to DM me

For root, I was pretty close for many hours and pulling my hair out and was missing one step after configuring b**. My hint is below, hopefully its vague enough not to be considered a spoiler.

Remember when doing b** h********, you have to actually be able to provide the services you’re advertising.

hints for PrivEsca

@0xMohamed I’m right there and I see data for that service. I dont see a password or any files being transferred. I’m trying to capture it in pcap. I dont know why I can only see partial data for that service.

Rooted! After 2 days of struggle… This got to be my favorite box, learned so much! If someone need help just PM me.

Holy cow! Took me 2 days too. Thanks to @snox for the tip. Pay attention to @0xMohamed’s advice.

The root part has been kicking my ass for a day and a half. Makes me painfully conscious about the need to seriously brush up on my networking skils.

Changed stuff in b***.cf according to that f port in the T*****s page, tried catching the result with n*, tried with tc****p … but nothing is showing up yet.
I know I’m really close, but I must miss a detail either in that file, or in the way I’m listening to stuff.

Any hints in PM ? Would love to check my B** h*******g logic, as I feel it might be too simple or missing something.

thought I was finished but it’s time to try harder

Finally rooted. Thanks to @siryarbles :slight_smile:

Just had a conversation with someone on port 21. That was fun ¯_(ツ)_/¯

So crowded, it’s just a pain to root it :scream:
Resets / network mess… man, the hardest part is not to root it but find the right hour to work on it XD

Really stuck on this i understand the attack needed to be done. When I make changes, host a service for a connection nothing happens. Not sure what I’m doing incorrect. Finding this box really hard…

Edit: not to worry i got it! Hint if you know the attack and you know what service is needed you need to ask yourself what is the VIP calling to and how can i get him to come to me if that makes much sense haha

I have the root password but cant do much after logging into the service. Can someone lend a hand?