That was definitely a hard one for me. Finally rooted though PM for nudges.
Foothold:
It’s WW2, remember to always scan for subs.
You have a way of submitting user data on one of the sites. Look closely and see how that data is processed.
User:
Spray and pray.
Root:
After you’ve found the thing, you need a way to read it properly. BROWSE(r) through eddie’s home to find the thing that unlocks the previous thing. After that you’re almost there, this one really ROCKed me.
Sublime is another text editor with excellent text formatting. It makes things a lot more readable. I used VIM when doing this box up until I couldn’t see “what i was looking for” because VIM screwed up the file formatting. Heard about it while on the Ippsec Train.
Were you able to register, before you gained any other access? I’ve not been able to use the registration, but I’ve not been able to really do anything else, either.
If you find something that looks similar to a hash, but it’s in a really weird format, what do you do with it? Do you have to figure out how to convert it to a different type of hash, or what?
Many ways of doing that. You could reference hashcat and its example hashes to compare it and figure out what it is. Or john it to see what kind of hash it could be, if it is one. Or use any online tool to identify it. Whichever method you like.
Hope i’m not confusing you. I’d have to see what you have in order to really help.
Thank you. Yeah, I had to just use the ‘DB Browser’ to get it to show up properly.
Were you able to get anything to show any directories or sub-directories? For some reason, when I run wfuzz, like I normally do on every other machine, it just isn’t working, even for directories and domain names I know exist, and that I know exist in the wordlists. I’ve never experienced that, before. I need to figure that out.
@bumika, I keep getting the ‘Internal Server Error’ messages, but I think they might persist through different instances of the machine. Like, if I click on one of the messages on the dashboard (after logging in), it gives that error. Also, if I go to register for an account, I think it gives me that same error. I’m pretty sure it’s happened on multiple instances of the VM. Are those the kinds of things that should not error, or did you mean something else? I’m just a little stuck at this point, so I’m not sure what to look past, or what… Thanks.
Rooted. Spent quite a lot of time on the meaningless UI. I doubted the thing I got was different from what I see. But it turned out that I missed the basic enumeration at very first.
Nice Box, teach you a lot of new and little things.
HINTS
User: enum on Vhost as much as you can, the website provides you what you may need to go further. There is a vulnerability that you will need to exploit to get RCE. once you have the shell you will have to look back at what else you find in your initial enum then enum for the user.
Root: this is easy once you know what you need to look for.
Give it some time, if you are still stuck, Discord: luckythandel#6053
The box goes down every few minutes for a few minutes, I initially thought it might have just been web but now that I have user and a “Secure Shell” I thought that wouldn’t be an issue but I was wrong
that was a fun and tricky box. learned a lot!
took me quite some time to enumerate and to find what a needed but really satisfying when i finally got it!