Dante Discussion

Hi Anyone can give me a nudge. I have found the admin network. But i am not able to do pivot on that Network.

Hi, Im stucked on the last flag “It doesn’t get any easier than this”.
I dont really know what should i do, i have pwned every machine, except FW01, can someone give me a hint of what i supposed to do ? i dont know how to get to the firewall, cause it says the 10.10.110.2 is out of scope.

Hello,
I have pwned all theses machines and I feel stuck and I don’t know what to do next:
DANTE-NIX02
DANTE-NIX04
DANTE-WS01
DANTE-NIX03
DANTE-DC01
DANTE-WEB-NIX01
DANTE-WS03

and I didn’t found the other network no interface found on theses machines above, I need a nudge ?

Hello guys,
I’m stuck on the Update the policy! flag and I have pwned:
DANTE-NIX02
DANTE-NIX04
DANTE-WS01
DANTE-NIX03
DANTE-DC01
DANTE-WEB-NIX01
DANTE-WS03

Hi Lads !
I am stuck on the first machine (Dante-Web-Nix01 ~ 10.10.110.100), I successfully accessed the WordPress admin page, I could execute commands on the box as www-data but I can’t ping or connect back to my host. Is it normal ? Have you any ideas ?
Thanks for the help !

Hi
I am stuck on the “It’s easier this way”
I have tried all brute-force attacks, but I did not get anything.
Can someone help me to get the flag?
Thanks

1 Like

Hello,
I have pwned WEB-NIX01, DC01, NIX02, NIX03, NIX04, WS01 and WS03 and I’m stuck on SQL01, WS02 and a machine with 19 ( I don’t know the hostname of the machine yet ) can you give me a nudge ?

Thank you

You can PM me for a small nudge in the right direction.

Hi 0mar, could you give me a hint on how Privesc NIX02 please?

I am very stuck on nix02. I found a way to read files from the server but can’t find anything useful. Any tips?

You can DM me if you still need a hint.

Hey Mate - any luck with NIX02 machine ? I found one user using one vulnerability tried ssh brute force with the user so far no luck :slight_smile:

Hey Buddy - I am on the same any luck after reading files ?

Did you notice the file from the smb share? It will give you a hint at where to look

For everyone struggling to get to the admin panel on the webapp, you need to find a user and then brute force. Trust the process, if the user is right, u will get it.

If anyone is kind enough to help me with a hint on the buffer overflow, its not exactly my strong point and i’ve been banging my head on the desk for over a day about it. Is there a way around the overflow or is that the only way for priv esc?

If I recall correctly there’s a box that can be rooted without BO thanks to a recent CVE (infact I completed the whole lab with no BO). You can DM me.

1 Like

Thanks for the offer, it is much appreciated but I did find the CVE and was able successfully exploit it. For anyone else who is stumped by the Buffer Overflow, there is an alternative route.

for WEB-NIX01, I got root, but it felt like it wasn’t intentional, could I get a sanity check (no spoilers, but let me know if this is intentional):

  1. is the privesc supposed to be this easy? as in running linpeas and basically getting told what it was (single command to run)? as well as being able to do this from the web user and not the user

  2. is /opt/ supposed to have that folder there? it seems like someone as root left it there

I reset the machine, and these things were still like that, but it really seems like there is something missing, since I was able to skip a flag, and go directly from web to root

Mainly want to make sure I am not missing anything. Thanks!

Hi, I am stuck in the beginning, the first machine .100, I found the file todo.txt and wp****.swp, but I can’t connect to wp-admin panel with what I found until now, any hints for this ? thank you :slight_smile: