Official Chemistry Discussion

:stuck_out_tongue: Me too.
I wanted to display the files in the folder and that would kill me, but the guy above has root. I donā€™t know how. Maybe Iā€™ll find out after the machine retires.
The key is sha512 hashedā€¦ I donā€™t know the password length. Calculating it with a hashcat took forever.
Moreover, the hash iteration is several times.
I donā€™t knowā€¦

There is a way to be root by LFI.

Okay. Great. Iā€™ll investigate. Thanks.
Have you found the flag and are you investigating the machine further?
Someone told me about LFi earlier, but I canā€™t get around to it yet.

Have you found the flag and are you investigating the machine further?

Yes. Just out of curiosity.

1 Like

All right. I thought you couldnā€™t find aiohttp. Thanks again for the reminder about LFI. Iā€™ll come back to this.

1 Like

yes I use that

2 Likes

Thanks!

DONE! nice box, feel free to DM for a nudge!

1 Like

hey i want help in exploit

at what stage?

I managed to get rootā€¦ it took me a while to find the key because the manual says User, but I managed. Thanks again, thatā€™s a lot of knowledge!

1 Like

Enumerate. Find exploits on what the application is using.
You can DM me for hints.

1 Like

For those having trouble with root getting the 404 try using the --path-as-is switch with curl once you have the port forwarded. You could also do it as rosa locally on the box once you get to that point. There really isnā€™t a need to forward the port unless youā€™re simply curious as to what the service running looks like.

am i supposed to crack the hash for root that i found using path traversal vuln?

Just got root flag, but without being root, is that the intended way? :thinking:

hi, for foothold i tried different payloads but none of them worked, is there anyone can help me
(server gives internal error everytime)

1 Like

thanks but why doesnt it work with ā€œbashā€ only

Got the exact same problem.

Did anybody actually get on as root, is a shell with the path to root possible? I got the final flag but am just a bit curious, donā€™t wanna chase a rabbit hole down if itā€™s not possible.

Also if anyone is still stuck on this, DMā€™s are open for nudges.