Hello,
I have pwned all theses machines and I feel stuck and I don’t know what to do next:
DANTE-NIX02
DANTE-NIX04
DANTE-WS01
DANTE-NIX03
DANTE-DC01
DANTE-WEB-NIX01
DANTE-WS03
and I didn’t found the other network no interface found on theses machines above, I need a nudge ?
Hello guys,
I’m stuck on the Update the policy! flag and I have pwned:
DANTE-NIX02
DANTE-NIX04
DANTE-WS01
DANTE-NIX03
DANTE-DC01
DANTE-WEB-NIX01
DANTE-WS03
Hi Lads !
I am stuck on the first machine (Dante-Web-Nix01 ~ 10.10.110.100), I successfully accessed the WordPress admin page, I could execute commands on the box as www-data but I can’t ping or connect back to my host. Is it normal ? Have you any ideas ?
Thanks for the help !
Hi
I am stuck on the “It’s easier this way”
I have tried all brute-force attacks, but I did not get anything.
Can someone help me to get the flag?
Thanks
Hello,
I have pwned WEB-NIX01, DC01, NIX02, NIX03, NIX04, WS01 and WS03 and I’m stuck on SQL01, WS02 and a machine with 19 ( I don’t know the hostname of the machine yet ) can you give me a nudge ?
Thank you
You can PM me for a small nudge in the right direction.
Hi 0mar, could you give me a hint on how Privesc NIX02 please?
I am very stuck on nix02. I found a way to read files from the server but can’t find anything useful. Any tips?
You can DM me if you still need a hint.
Hey Mate - any luck with NIX02 machine ? I found one user using one vulnerability tried ssh brute force with the user so far no luck 
Hey Buddy - I am on the same any luck after reading files ?
Did you notice the file from the smb share? It will give you a hint at where to look
For everyone struggling to get to the admin panel on the webapp, you need to find a user and then brute force. Trust the process, if the user is right, u will get it.
If anyone is kind enough to help me with a hint on the buffer overflow, its not exactly my strong point and i’ve been banging my head on the desk for over a day about it. Is there a way around the overflow or is that the only way for priv esc?
If I recall correctly there’s a box that can be rooted without BO thanks to a recent CVE (infact I completed the whole lab with no BO). You can DM me.
Thanks for the offer, it is much appreciated but I did find the CVE and was able successfully exploit it. For anyone else who is stumped by the Buffer Overflow, there is an alternative route.
for WEB-NIX01, I got root, but it felt like it wasn’t intentional, could I get a sanity check (no spoilers, but let me know if this is intentional):
is the privesc supposed to be this easy? as in running linpeas and basically getting told what it was (single command to run)? as well as being able to do this from the web user and not the user
is /opt/ supposed to have that folder there? it seems like someone as root left it there
I reset the machine, and these things were still like that, but it really seems like there is something missing, since I was able to skip a flag, and go directly from web to root
Mainly want to make sure I am not missing anything. Thanks!
Hi, I am stuck in the beginning, the first machine .100, I found the file todo.txt and wp****.swp, but I can’t connect to wp-admin panel with what I found until now, any hints for this ? thank you
Can anyone give me a nudge on how to pivot to the ADMIN network and from where ? Except SQL & NIX07, I have compromised all the devices in the internal network. Kind of stuck at the moment on how and where to go next ?
research about wordpress directory structure if you have identified the appropriate port on that machine.