Official Chemistry Discussion

system · October 19, 2024, 3:00pm

Official discussion thread for Chemistry. Please do not post any spoilers or big hints.

H4ck377y1977 · October 19, 2024, 7:44pm

hi is anyone having difficulty connecting?

Bysploit · October 19, 2024, 7:50pm

Yes machine is taking forever to load, webserver never loads

HyperVenom29 · October 19, 2024, 7:59pm

Yea Can’t even ping.

H4ck377y1977 · October 19, 2024, 8:05pm

its working now:)

afxIDE · October 19, 2024, 9:04pm

Are you supposed to get the initial foothold via SSRF?

simpletester · October 19, 2024, 9:45pm

Hi, does anyone trying to do a hard-rockyou.txt bruteforce? If so - please stop.

I think this could be the reason machine is dead from-start-to-30-min-max…

Should we restart VM one more time…?

*Hint from me: don’t bruteforce or hard-portscan-vulners. “You’re simple The Best!”

Depthsider · October 19, 2024, 9:47pm

Hey guys ,

may i get a hint please ?

Thanks

simpletester · October 19, 2024, 10:00pm

Web-enum should be a hint…

Good luck!

HyperVenom29 · October 19, 2024, 10:00pm

Trying to figure out the payload for example.cif

Netex135 · October 19, 2024, 10:04pm

If anyone is already done with the machine can I get some help with getting a foothold? I have a few potential ideas but they aren’t working out

simpletester · October 19, 2024, 10:06pm

Offtopic question to all of us:

can we all remember about ‘cleaning the house’ after we visited it?
We can all remember about not spoiling too much here on the forum.
But can we also try to remember to clean our own jobs-done-scripts&tmp-files to not-spoilt to other players?

“just a thought”

Thanks!

sinan · October 19, 2024, 10:24pm

just rooted.

i can help who stucks

codexhckr001 · October 19, 2024, 10:30pm

any hint would be helpful

csoruc153 · October 19, 2024, 10:31pm

Message me if anyone needs help!

csoruc153 · October 19, 2024, 10:45pm

Hi there, i’ll dm you so we dont spoil others!

Harbing3r · October 19, 2024, 11:04pm

found the initial foothold point, need a hint to achieve it

csoruc153 · October 19, 2024, 11:41pm

Hints ***

Foothold:
-quick nmap scan, check the ports for webpages
-Search the keywords you see in your screen + “exploit” or something related

Check if the payload is working with something simple and easy not many will work for the shell running it is limited, if you want a shell use https://www.revshells.com/ one of these should work
Privilege escalation to user: Look for databases inside the application, this step can also be done without getting a shell first
Privilege escalation to root: Check for ports that were hidden from our first nmap scans, forward them to your machine and go back to stage one of enumeration

rek2 · October 19, 2024, 11:47pm

fun easy box, perfect because got home late, and did it while watching a movie, prob not a good idea since I made a stupid mistake at the end instead of doing it the obvios way

wind010 · October 20, 2024, 12:13am

User was easy, but root took me an hourish.

Topic		Replies	Views
Official Resource Discussion Machines	153	4550	November 23, 2024
Official Compromised Discussion Machines	210	22182	January 25, 2021
Official Atom Discussion Machines	90	11278	July 8, 2021
Official EarlyAccess Discussion Machines	21	2628	February 5, 2022
Official Secret Discussion Machines	147	11304	March 24, 2022

Official Chemistry Discussion

Related topics