Chaos

Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Edit: Sorted now. I was looking at it wrong. Got some excellent help from @cortex42 that taught me some useful information.

@tiger5tyle said:
Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Are you running it like this?

python3 decrypt.py

@Skunkfoot said:

@tiger5tyle said:
Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Are you running it like this?

python3 decrypt.py

Yes

@tiger5tyle said:

@Skunkfoot said:

@tiger5tyle said:
Any help with the decryptor?
I can encrypt and decrypt my own files but not the one retrieved from the w*****l.
I’m using the password hinted at in the message. What gives?

Are you running it like this?

python3 decrypt.py

Yes

Hmm. PM @N30C0UNT, I think he had some similar issues and managed to figure out how to make it work

Hi guys, I got the user (a…h) already, and now I’m working on priv esc.

But I’m stuck. This is my second box; I hope someone could give me a hint for priv esc.

@Skunkfoot said:
@MrFlash24 said:
Found the creds for w*****l. Don’t know how to get there.

Tired of people just posting their questions without reviewing previous posts that offer hints or answers to those exact questions. It’s almost as bad as people posting just to let us know they got root (surprise, nobody cares if you got root, this thread is here to help people who are stuck and discuss the box, not boost your ego).

To answer your question:

 @DaChef said:

@xeto said:
I cannot find anything to get into “wm”. Already found some creds but they don’t work. Pls any hint!! :anguished:

 Use openssl's s_client app!

And also:

 @Skunkfoot said:

For all the people having trouble accessing the wm*, there are at least two ways to do it. You can either do it manually via command-line, which was a cool new learning process for me, or you can do it via your browser, which is much more user-friendly. However, I ran into an issue with this at first, I assume, because of my HTTPS Everywhere extension. I pulled it up on a different browser with no issues.

The part about ppl who just post that they got root is awesome, loled so hard.
But you are right, I also get tons of PMs with questions about stuff which was already discussed…
Mobile view is quite fucking the quote function…

rooted,

root tips: don’t go anywhere, stay where you are when you are user!

Hey guys, I rooted the box (you can ask for hints if you need). First I’d like to say that even if it’s a very CTF-oriented box I enjoyed it a lot, so thanks to the creator :slight_smile:!

I was wondering if anyone successfully got the initial creds with a tool to automate the calls? Like hydra for example (when I tried with hydra I had only false positives even if the password was in the list), because in my case I found it by typing it manually with a list I got with the well-known tool that makes custom wordlists.

If anyone did it by not trying “by hand” every possible password, can you PM me to discuss how you did it?

@rafff said:
Hey guys, I rooted the box (you can ask for hints if you need). First I’d like to say that even if it’s a very CTF-oriented box I enjoyed it a lot, so thanks to the creator :slight_smile:!

I was wondering if anyone successfully got the initial creds with a tool to automate the calls? Like hydra for example (when I tried with hydra I had only false positives even if the password was in the list), because in my case I found it by typing it manually with a list I got with the well-known tool that makes custom wordlists.

If anyone did it by not trying “by hand” every possible password, can you PM me to discuss how you did it?

MSF has an enum tool that will find it with the default list :stuck_out_tongue:

Learned a lot from this box, and sahay, thanks for your time putting this box together. As xterm said “don’t go anywhere, stay where you are when you are user!” this means where you find user.txt. Had a hard time figuring that out as I managed to get shells in different folders.

Hello guys! Who can help me? I’m so angry at the Chaos machine. I can’t do it!

Guys, please don’t act like this box was totally bad.
I just rooted this box and I would like to say that this box taught me stuff I didn’t know about.
Yeah, maybe some steps were too CTF-style, especially the initial foothold, but some steps were also cool. And the root part was nice.
I’m happy to discuss this box with anyone, just send me a message. Also, if you’re stuck at some point and need help, send a message.

Is anyone able to give me a hint with obtaining creds for initial foothold? (I’ve used gobuster, enumerated the other service but still can’t find anything besides w****n but no creds.)

@nawespet said:
Is anyone able to give me a hint with obtaining creds for initial foothold? (I’ve used gobuster, enumerated the other service but still can’t find anything besides w****n but no creds.)

Run gobuster under direct IP not the domain name!

Any hints on the decryption as in what tool to use?

EDIT:

Managed to get it working in the end. Wrote a quick Python script to do it. This is why they say knowing some programming languages is useful!

Any hints on the P** creation page? or what to send to aj**.php?

If you can see some output, what is it really saying? Is it really the type of file the page says it’s using, or is there something laying in between? If so, how would one get exec?

Hey, I’ve found the w***press site but am lost on what to do. Could anyone give me a hint?

I don’t understand why so many ppl disliked the box. I learned something there and it was also quite nice.
If someone needs help feel free to PM me.

Is there a way to escape this rbash?