Chaos

YorkshireGold · March 20, 2019, 12:11pm

@Skunkfoot said:
Tired of people just posting their questions without reviewing …

Well said bruvva!

RTFM

NikolaT3sla · March 21, 2019, 9:24pm

please need help with that python script am not that good at python
pls pm me and thnx

marine · March 25, 2019, 12:23am

nice box…got root and learn something realistic…pm for hint…

faisal94n · March 25, 2019, 6:33pm

Please can anyone help with escaping rbash, I’ve tried every possible way but I couldn’t escape, it’s driving me crazy, I’ve also tried all the hints but no help, could anyone help me PM.

mrberlin · March 25, 2019, 8:19pm

Good machine! The first part is too CTF like but from the PDF service onwards it is pretty good and definetly helps brush up on a few skills.

wail99 · March 26, 2019, 1:13pm

can anyone help me please , i can’t find the creds , i tried brute forcing all services include the mai*s but can’t get it

jattion · March 27, 2019, 2:46pm

@redravensec said:
I am stuck on what seems to be the easisest part of the machine, however when anyone else in this discussion has asked for help on this part no one has responded so hopefully someone will reply to this. I have got RCE on the p** service and have a low priv shell as ww*-. I cannot seem to find a way to become either user, I have the creds still from the beginner for the user ay but cannot seem to find a way to logon as said user. I also notice that the user ay** has an rba** shell instead of a bash one but I still cannot seem to find a way to become that user. Any PM’s or hints/nudges on here will be appreciated ;).

same here
update: rooted…pm me if anyone needs help…

mrberlin · March 27, 2019, 7:21pm

Turns out I over looked something with the low priv ww*-**** shell. After feeling dumb I progressed fine and have now got root! This is a good machine, the first part is too CTF like but from the P** service onwards it is good (the root part is very realistic). If anyone would like any help with this box let me know, too many people have been ignored on this forum (including myself at one point) so I am more than happy to give anyone who PMs me help.

P4YDAY · March 27, 2019, 8:46pm

Found the W***n page and having trouble with it. Any tips?

NikolaT3sla · March 28, 2019, 2:58pm

any one here can help me with that pdftex part

RoTnRat · March 31, 2019, 2:10pm

Finally got root.

I ended up learning a few things on this box which made me vote it up, but overall I found the initial foothold to just be a puzzle with zero real world application. At least until the P** section. That’s the first place I actually learned something. Second was pulling creds from ma ps.

So thank you for those.

I need to get used to burp/zap for HTTP enumeration and not rely on source reading as much. I really did not expect to see as much as I did and I kicked myself for not anticipating the sheer amount of data leaked out. Not sure if that’s something which happens a lot in the real world, but it’s something to be cognizant of, for sure.

In retrospect, I learned a lot and for that I’m grateful. To future authors, if you want to push us down a CTF path, make that its own “meta” game from you to us. Don’t try to hide the CTF in “real world” veneer, just call a spade a spade and pull the user into a game. I think I’d be a lot happier knowing that the road ahead isn’t meant to follow the path of a “real pentest” and instead be on the lookout for tricks and stupid antics (as fun as those may be). I read a lot of frustration (and feel it myself) when I’m expecting to enumerate for config issues and other standard engagement issues and come to find out they were all red herrings while the meat was hiding in a convoluted game.

Just my 2 cents, feel free to ignore!

NikolaT3sla · March 31, 2019, 4:09pm

Rooted
Pm me for hints

Lorcheiro · April 1, 2019, 7:57am

Which program/utility do yo use for accessing the service discovered doing enum? I can’t find any for connecting myself

env · April 2, 2019, 9:08am

Anyone could help me getting on the initial foothold? Been try to enum but no luck

Cybersecdo · April 5, 2019, 11:32pm

Hi, can anyone pm to give me a hint in the initial foothold, I’m trying hard using zap,go…r,wp…n and no chance to see some stuff or the wp are a rabit hole, thank you!

dontknow · April 7, 2019, 12:04am

Can anyone give me a hint what to do after getting w****-da****?
EDIT: He used the same password even there…
EDIT: Rooted, PM me if u need help.

env · April 8, 2019, 9:32am

Rooted the box! Thank you for @dontknow and @smallgods for the initial foothold hints! For anyone who need a hint feel free to PM

petitponeybzh · April 8, 2019, 7:59pm

Anyone could help me with python script plz?
Thanks

ytho · April 9, 2019, 9:34am

So i’ve gotten access to the generator page and have been able to run shell commands with the help of burpe suite. But im stuck as a certain user who cant do much other than show me all the files I dont want :P. Any hints on if I should be focusing on something for priv esc or is this just getting the right type of reverse shell implanted in the requests? Dont see how the latter would work with the current user running those commands.

wizliz · April 9, 2019, 2:50pm

I’m in the same position, I’ve made it into the box as a low priv user, and haven’t been able to progress from there. I’ve looked over the last few pages and taken some paths from other hints, but something is obviously going over my head. If anyone can push me in the right direction that would be greatly appreciated!

Edit: Made it a little farther. Was able to do actions as another user, and escape a restricted shell with some sticky stuff of my own. Found a user text file, but it isn’t what I expected. Still willing to take help!

Final Edit: Nevermind. Just had to take a break and eat some lunch, figured it out pretty quickly after that! The weird user flag issue I think was caused from me messing with t*r on it, because it was normal after a reset.