Official Academy Discussion

TazWake · December 21, 2020, 9:54pm

I was able to gain a foothold but i was not able to find the a-p page for login with a tool like dirbuster. I just lucked out with manual trying so could someone suggest a proper enum command to find that kind a thing in the future ? Also dirb just gives a lot of erros so i think i need a better toolset. Thanks

I think, if you mean the page I think you mean, the simple answer is down to wordlists - there isn’t a right or wrong one - you just need to try different ones.

Its also worth combining directory enumeration tools with web application scanners like Nikto.

xor2764 · December 21, 2020, 11:02pm

Type your comment> @Gaiaphage said:

So, I managed to get a www-**** shell and also found some creds (s***** and GkE*********1), but I’m not finding out where to use them (I tried s and "s* - "). I only managed to get on my, but this doesn’t seem to help me. Could someone give me a nudge please?

I am at the same place, can you/anyone give me a nudge?

TazWake · December 22, 2020, 9:39am

@xor2764 said:

Type your comment> @Gaiaphage said:

So, I managed to get a www-**** shell and also found some creds (s***** and GkE*********1), but I’m not finding out where to use them (I tried s and "s* - "). I only managed to get on my, but this doesn’t seem to help me. Could someone give me a nudge please?

I am at the same place, can you/anyone give me a nudge?

I suspect you’ve looked in the wrong places. Have a look closer to where you landed.

xor2764 · December 22, 2020, 6:21pm

Rooted. First box I’ve completed, definitely learned a lot from it. Big thanks to TazWake and others in the discussion for the nudges.

harveystephen · December 23, 2020, 9:34am

I’ve just reset the box. I can ping it and I’ve redownloaded my vpn pack.

It takes anywhere from 5-10 mins to load the main webapp page. I’m based in Aus.

Anyone else getting slow connections? I assume its from the virtual DDoS of noobies running nmap.

Hackximus · December 25, 2020, 12:37am

ROOTED!

DM me if you need a nudge!

http403 · December 26, 2020, 6:17am

I have found an exploit for the machine but i don’t get session anyone can tell me what I am doing wrong. Exploit: msf **** base64 app key *lara (I hope I didn’t gave extra hint)

sbroekhoven · December 26, 2020, 3:36pm

Type your comment> @happykharoud said:

I have found an exploit for the machine but i don’t get session anyone can tell me what I am doing wrong. Exploit: msf **** base64 app key *lara (I hope I didn’t gave extra hint)

Try without the part before the : ( in the app key section also no : )

TazWake · December 26, 2020, 7:23pm

@happykharoud said:

I have found an exploit for the machine but i don’t get session anyone can tell me what I am doing wrong. Exploit: msf **** base64 app key *lara (I hope I didn’t gave extra hint)

Make sure you’ve got all the values correct.

jw0 · December 26, 2020, 11:16pm

Anyone have any hints on getting a foothold? I’ve found d**-st****-.a****.com but not sure what to exploit to start attacking

Edit: Thanks @TazWake was relatively straightforward after landing the beachhead. Enjoyed the lateral movement then a straightforward privesc for root.

TazWake · December 26, 2020, 11:26pm

@jw0 said:

Anyone have any hints on getting a foothold? I’ve found d**-st****-.a****.com but not sure what to exploit to start attacking

Look into what it is and search for exploits for it.

0x4A45 · December 26, 2020, 11:37pm

This was a nice box!
From my beginner’s point of view: It is easy to get into rabbit holes here.

Feel free to PM me for nudges.

saimson · December 27, 2020, 9:08am

finally rooted…
uid=0(root) gid=0(root) groups=0(root)

Initial foothold - don’t look closely look deeper
don’t frustrate if not getting anything just start again…
user- look wildly,again …
root - root is easy
thanks for amazing box
@egre55 , @mrb3n
need help ping me on twitter @saims0n

Flin7 · December 27, 2020, 10:47am

Hi! I need a little kick for foothold.
I successfully registered a new user after changing the r***d but I nothing works beyond that point; I cant get hold of any admin pages I found using the creds from the registered user. A little kick pls.

Flin7 · December 27, 2020, 1:58pm

Type your comment> @C4P7A1NFlint said:

Hi! I need a little kick for foothold.
I successfully registered a new user after changing the r***d but I nothing works beyond that point; I cant get hold of any admin pages I found using the creds from the registered user. A little kick pls.

Got foothold…Thanks for the tap @saimson

n1njaaa · December 28, 2020, 3:02pm

nice box !

Took me time to get user but root is very straightforward.

ahuet · December 28, 2020, 4:42pm

I’m really struggling to get a shell. It says no session was created. I’ve tried everything now and can’t do it. Help please.

ahuet · December 28, 2020, 4:44pm

Nevermind, finally found out why it wasn’t working >.<

Th3Punish3r · December 28, 2020, 8:57pm

Anyone for a hint to get user? I have initial foothold and I’ve been enumerating for a long time with nothing obvious for me. Thanks!

YatiPatel · December 28, 2020, 9:38pm

Check this out to understand the technique used to bypass the login. One of the labs explains it.