Someone got the shell???
when i changed my browsers proxy settings, 80 port opened but with 404 eror. Any hint?
Yeah i’m stuck afraid to admit. Any hints on initial ? I haven’t found anything particularly juicy
@clubby789 , I hate you (in a good way tho… lol). Great box!
well, text of 404 error on port 80 seems wierd coz its parsing whole url as a doc name, but i dont know what to do with it. any hints?
rooted, very straightforward box…
uid=0(root) gid=0(root) groups=0(root)
I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.
@idomino said:
I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.
I may have misset permissions at a particular point ;).
Type your comment> @clubby789 said:
@idomino said:
I enjoyed this very much, thank you @clubby789! But I think misclassified, it’s one of the easiest ones currently available.
I may have misset permissions at a particular point ;).
lol I know what you mean. Not having that knowledge would have made it definitely harder
Type your comment> @HumanFlyBzzzz said:
Yeah i’m stuck afraid to admit. Any hints on initial ? I haven’t found anything particularly juicy
same here, I only know whats on the main webpage and my gobuster scans aren’t working
Thx @s0clyst , looks interesting. I’m turning in for tonight, had one too many drinks. Don’t drink and hack kids lol
I am getting an empty response (no errors, just empty…) from the server when sending the payload to get a shell. Does anyone have a similar problem?
which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too much
Type your comment> @c00de said:
which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too much
stay simple, stay common… Once you choosed the wordlist, Burp, intruder and you will get it!
Type your comment> @phat said:
Type your comment> @c00de said:
which wordlists are u guys using to get to the S****SS.py file ??
or should we look for it without scanning too muchstay simple, stay common… Once you choosed the wordlist, Burp, intruder and you will get it!
i forgot to add the port to the url hahaha
any hints on how to restore key for user or bruteforce is the only way?
EDIT: Got user. On my way for root. Bruteforce seems to be the only way to restore a key
Rooted the box, but I’m not sure it was an expected way. Can you share how you got root with me, because it was way too easy
Hmm pretty much stuck on init foothold, found some corrupted files via source code auditing
Rooted.
Thanks @clubby789 for the box.
Nice box, I enjoyed getting user.
Type your comment> @B3LL4T0R said:
Type your comment> @HumanFlyBzzzz said:
Yeah i’m stuck afraid to admit. Any hints on initial ? I haven’t found anything particularly juicy
same here, I only know whats on the main webpage and my gobuster scans aren’t working
The first part is pure CTF. Focus on the message in the main page.
@zkvo said:
Hmm pretty much stuck on init foothold, found some corrupted files via source code auditing
Focus on a function you would like to exploit.
From there, develop your attack.
Trying it locally might be more helpful.