edit: nvm
finally got root. This has been my fav machine so far, so much fun
Will a standard wordlist work on cracking a file i found by using a python cracker i also found?
Can really use someone’s help on getting a shell on this box. I feel like I’ve tried everything. If I can dm somebody, that’d be great.
Also, dm me if you need help with bypassing the login page.
Wow, what a ride very very nice machine, learned a lot. Thanks @no0ne and @Adamm for the work here.
-
User : All you need is in the login portal. If there is some parameter that is working strange, investigate what is that field and the response given. After that there are interesting tools that would give you some extra information. The process until getting user is long but it deserves. Thanks a lot to @NPCMaster and @farbs for helping here.
-
Root: This is a tricky part, I had the solution but lost a lot of time because it worked sometimes. Now I understand why
Never been stuck for the very initial step for so long on a machine… and despite the errors I can google, no idea how to bypass the login.
I know this machine is prolly beyond my current level, but so many people say it’s awesome that I am (was) keen to give it a go anyway…
still stucking at last step, both signature and builtin miss are huge questions here…
any help plz pm me, thx
logged in… the greatest and most mindbending thing I’ve seen so far, .
how to decrypt c****.*** ??
edit : rooted
any help? I stuck
Got user…
Have learned so many new things. Shed some blood and tears =)
Huuuge thanks to @moxic @Leonishan @Tdzone
Can anyone help me the login bypass, I know whats happening behind, but my payloads not working.
Spoiler Removed
Can someone give me pointers on what to read about with regards to the initial login? I can trigger an error and have read about the API, but I’m not sure how that can be exploited.
started root part: not really random…
edit: yeah, not at all…
edit: rooted, had to dive deep into python
Beautiful box! I’ve learned so many things here. Really satisfied that I could do at least eval()
part without nudges =)
Thanks @no0ne & @Adamm, this was the most interesting journey so far!
Can anyone help the login? thx
That was superb. I learned so much from this box and while I have always known about a lot of the vulnerabilites I have never made the effort to test them out, until now.
If you need a pointer shoot me a PM
Got user, that was fun. PM for hints. Onto root
root! what a ride