Really interesting box requiring different attack approaches than your usual Windows box. First off, as always, try to understand how the website works. Basic functionalities how are handled. Try to find all of its features and see how you can make use of what you found.
Getting your foot in, is about abusing a basic functionality, use that, invoke that, and of course avoiding some bypasses. Once you get inside, look around and find what’s new. Find out how to work with it and see what it does, how is it built. This should be enough to find something extra. Rooting requires attention to detail. Find where you have access and try to figure out why. Work around that. Build something of your own, try to fool that thing you found, and that’s about it. I’ve tried summarizing as vaguely as possible. Good luck peeps.
Hi all, I’m stuck on the second login portal as I can’t find the right ID to login, tried few different things, but still no luck, any advises where to look or approach?
managed to upload file, when i go to view it i get “error occured when trying to load file”, nudge would be appreciated (ive tried msfvenom payload and others)
Does anyone else get an “incorrect flag” and “you have no active machine” error? I am getting it while submitting the user flag. Not sure how to fix it, tried login/logout and VPN disconnect/reconnect
Is there some reading material someone can suggest to help me tackle the foothold? Looking around I can see some interesting points, but I’m not quite sure about how to go about making use of anything. I’m not even sure if I’m even looking at the right things. I don’t care if I have to spend the rest of the week just studying. I just want to understand more of what I should be looking for when I run into boxes like this.
Hi !! how’re you all ? Hope you’re having fun. I need some help, can someone please give me a hint on the file upload? hmm I cant bypass it thats the way to do it ? Thanks in advance !!!