Official Agile Discussion

derhund88 · March 8, 2023, 2:10am

Rooted … Fun Box, the root was epic and fresh!

Celebren · March 8, 2023, 2:16am

You need to edit /etc/host to include the ip and url

vin36 · March 8, 2023, 5:39am

Hi, I’ve gotten the user flag, but to get to the page that contains the ssh credentials , I had to manually try every number starting from 0. Is there a tool that could automate this? I tried wfuzz, but it gave me 302 for everything. Maybe BurpSuite?

jakechakola · March 8, 2023, 8:26am

so I was able to get the User flag but I have no clue what I should be doing next (any hint would be great)

R10T · March 8, 2023, 10:05am

I don’t understand why the machine keep blocking. Every 1 or 2 minute even if I’m inside with SSH session the session freeze or crash… Why is that?

Very hard to work like that. I even reset the machine, nothing changed. Am I the only one facing this problem?

PS: I’m using linpeas.sh but somehow the result change everytime i execute it… This machine driving me crazy

melid404 · March 8, 2023, 10:19am

Intruder or ffuf would help you

yaourtiere · March 8, 2023, 2:14pm

Did it yesterday, it was very cool ! Foothold and user was pretty easy, final PE was unexpected ! There is a lot of things to do, but nothing very hard, I would say max Medium

Pologhini · March 8, 2023, 3:36pm

Hi everyone,

Is anyone willing to teach me a thing or two about this machine or maybe give me a push in the right direction? I dont want to spoil anything, i can give you my thoughts and findings so far, in a dm.

giantgun · March 8, 2023, 6:09pm

Ive also gotten up to LFI now Im stuck

giantgun · March 8, 2023, 6:18pm

I’ve also gotten up to LFI, now I’m stuck

cmoon · March 8, 2023, 9:32pm

Rooted! Ty to @Paradise_R for letting me know I was chasing down a rabbithole on foothold. Rest of the box wasn’t too bad and root was pretty cool and hadn’t seen that before. Feel free to reach out for hints but let me know what you’ve tried!

lucas77 · March 9, 2023, 2:57am

Any PM would be appreciated I am unsure what I should do next…

demon67 · March 9, 2023, 5:50am

How did u find LFI?

vin36 · March 9, 2023, 6:14am

Try exporting some passwords and use Burp to intercept.

vin36 · March 9, 2023, 6:17am

This is a good resource for general LFI exploitation. But as Paradise_R said, look for the error log.

demon67 · March 9, 2023, 6:59am

thank u so much ,u made my day

Zaideby · March 9, 2023, 8:22am

I tried to fuzz the box with all default kali wordlists and I can’t find any directory or file since yesterday. Has anyone an advice or a special wordlist recommandation ? Thx

D3rix · March 9, 2023, 2:39pm

Pls need a hint which is to be foothold for me please,
give a proper hint but i am stuck with the login page

hackthenberg · March 9, 2023, 5:30pm

Can i get help with getting foothold
ive just got secret, but everytime i create the changed cookie i can’t even use it

QuantumFrenzy · March 9, 2023, 6:04pm

Rooted! Thanks @cmoon for the point in the right direction. Anyone stuck, feel free to send me a PM

Topic		Replies	Views
Official Hancliffe Discussion Machines	12	1585	March 4, 2022
Official Ready Discussion Machines	362	36525	October 11, 2024
Official Resource Discussion Machines	153	4792	November 23, 2024
Official Escape Discussion Machines	113	9629	December 10, 2023
Official Flight Discussion Machines	70	5520	May 7, 2023

Official Agile Discussion

Related topics