Luke

Rooted! Good box.
pros: Makes you much more careful in enumeration, you will learn much about port 3****, Web Services.
cons: Privilege escalation should be better.

Feel free to PM if you need help

@Zephranoid said:

I have found 3 places to use credentials but I can’t find any credentials, can someone give me a nudge in the right direction, just a tool name should be enough.

Try the usual suspects for webapp enum in Kali under crawlers and enum, the Google and then head for the cURL … should be enough.
I'm still stuck in the mud though… but today it's time to rise!

Interesting box, unlike most people it didn’t seem that CTFish to me.

I mostly learnt not to make assumptions, sometimes the easy answer is the right one. Thanks for the nudge @lattethunder and @Ralveng

@lduros said:

Funny I was working on higher ports and just noticed the main web port was open, didn’t catch it on my first nmap scan, probably the box wasn’t fully up yet.

are you talking about 3*** port?

Rooted! Found it fun and useful! Pushed me to learn more about the odd port which I have been avoiding for some time! Thanks author!
Would have been nice with a privesc, but this is somewhat IRL anyway I guess.

Any help on the “Auth token not supplied” part would be nice

@iamsundi said:

@lduros said:

Funny I was working on higher ports and just noticed the main web port was open, didn’t catch it on my first nmap scan, probably the box wasn’t fully up yet.

are you talking about 3*** port?

Port 80 wasn’t up yet when I did the first nmap scan.

@lemarkus said:
Any help on the “Auth token not supplied” part would be nice

Try to figure out how to authenticate with the service. No need to brute force much (except manually trying a few combinations) if you have done your enumeration of another port properly.

@Zephranoid said:

I have found 3 places to use credentials but I can’t find any credentials, can someone give me a nudge in the right direction, just a tool name should be enough.

1) Enumerate.
2) Use your favourite web server scanner tool on every open port you find.

Are there any hints what to do with the u**** of p 3***?

OK, so after retrieving the a*** t**** from the odd port, I was able to edit the request using B*** S**** and then it shows a GREETINGS MESSAGE. However, I'm not sure how to do that on the URL itself. Any hints on what I'm supposed to do next?

@anonymous187 said:

OK, so after retrieving the a*** t**** from the odd port, I was able to edit the request using B*** S**** and then it shows a GREETINGS MESSAGE. However, I'm not sure how to do that on the URL itself. Any hints on what I'm supposed to do next?

Never mind, was going the wrong way.

Can anyone PM about submitting creds to the odd port? Have tried a few different things with curl and Postman but cannot work out how to submit them and get an a*** t****.

I get that something has to be done on port 3***… I FTP-ed into the open port and found a weird text file written by some sysadmin but didn’t get any creds… any help on enumeration or priv esc?

Rooted. I’m not sure I really liked this box though. I was stuck at one point (initial creds), then it was super easy from there on.

PrivEsc was… a bit of a deception.

The root for this one was far too easy… Like ridiculously so. Still, was good to tag-team with @Execute :)

Need help with curl syntax to get past the 3***

@deathflash1411 said:

Need help with curl syntax to get past the 3***

Same here.