Official BoardLight Discussion

system · May 25, 2024, 3:00pm

Official discussion thread for BoardLight. Please do not post any spoilers or big hints.

k1lly · May 25, 2024, 9:05pm

any ideas for first vector guys? Im stucked

crypticsilence · May 25, 2024, 9:28pm

found a comment in the source, and the file seems to exist, but cant find working params for it so far with ffuf or manually

OnyxIchor · May 25, 2024, 10:23pm

That’s where I am. Since all was blocked, going back to test importing.

Zioff · May 25, 2024, 10:35pm

Any hint for root?

k1lly · May 25, 2024, 10:38pm

I am so stuck on the user so far… Any hint in dm?

redspider · May 25, 2024, 10:41pm

Whats the first vector ? found a commented file but no parameters seems to be working for it ?

Zioff · May 25, 2024, 10:54pm

For the foothold, you should try all the common enum. If you need extra info to do so, you should search in what you already know…

andlommy · May 25, 2024, 11:16pm

any hints for root?

TonySD · May 25, 2024, 11:58pm

Any hints for first vector?
Have no idea…

cyberafro · May 26, 2024, 12:02am

Read the page from top to bottom, then enumerate properly web content. You should see attack vector

crypticsilence · May 26, 2024, 12:22am

all in all fun box! nothing too crazy, but not so easy its dumb.

initial foothold: honestly missed this first time around, there is another domain to be found, enumerate well. searching for vhosts there leads to cve immediately

user: look around closely for something that could be used elsewhere

root: buddhists seek this. linpeas will find it also. if you find something and it doesn’t work, seek further info on WHY it doesn’t work, you may need to edit a little, there is a great writeup you can find also

much enjoyed cY83rR0H1t!!

JimShoes · May 26, 2024, 1:44am

Fun little box. If anyone needs a nudge, feel free to DM.

dreekos · May 26, 2024, 2:10am

i used multiple lists on SecLists nothing so far what list worked for you ?

JimShoes · May 26, 2024, 2:26am

Feel free to DM me. If you’re not picking it up with a standard word list, I wonder if the command you’re using is the issue.

wrf · May 26, 2024, 3:10am

For some reason I needed to try multiple times until i got a hit on the right vhost. Any seclists default subdomain enumeration list should work. Maybe someone screwed the machine instance that i was trying to explore. Try changing your VPN.

dreekos · May 26, 2024, 3:11am

the thing resets every 3mn or so interrupting my tests how annoying

dreekos · May 26, 2024, 3:12am

i found it thanks for the help it s the thing after that that’s a bit annoying to work with

jordan01236 · May 26, 2024, 3:58am

Rooted, very easy machine. User is super easy and so is Root. For root dont overlook anything I missed something very important during enumeration and wasted a couple hours of time.

anggabogabo · May 26, 2024, 6:26am

Can I dm you for hint?