Official Delivery Discussion

hey i had a lot of trouble. i never got the email veri. i tried signing up many times to no avial. nonetheless i got user.

having trouble on root now. got to the file that shows credentials, but… cant seem to login. i mean it’s there, even read the Ma******** documentation, which clearly says user:password. hope someone can help me

@computerpimp said:

hey i had a lot of trouble. i never got the email veri. i tried signing up many times to no avial. nonetheless i got user.

having trouble on root now. got to the file that shows credentials, but… cant seem to login. i mean it’s there, even read the Ma******** documentation, which clearly says user:password. hope someone can help me

Enumeration. Read the configuration files and what you need for the next step is there.

Does this box need a cve to gain a reverse shell ? Or we need to create an account ? I think the solution is about “tickets” service, but I can’t be sure of that.

@UVision said:
Does this box need a cve to gain a reverse shell ? Or we need to create an account ? I think the solution is about “tickets” service, but I can’t be sure of that.

As @TazWake said above you, this box is all enumeration and picking up little pieces of the puzzle as you go. If you can create an account on a box you should be doing that anyway to see where you can poke around more

if you need more of a nudge you can PM me

@HcKy I see, I must to find a “trick” to create an account without click on a confirmation email.

Working on root I found some files names hae and rey numbered from 0 to 7. The files contained some hashes. Is this the right track because there are plenty of hashes and will take time to crack. If not, could anyone give a nudge in the right direction?

@gs4l said:

Working on root I found some files names hae and rey numbered from 0 to 7. The files contained some hashes. Is this the right track because there are plenty of hashes and will take time to crack. If not, could anyone give a nudge in the right direction?

Some things to consider.

  • First blood on this box was 42 minutes. So even if you have a super slow machine, anything which is likely to take 2+ hours is probably not the right path
  • I suspect the hashes you have found are related to something else, possibly accounts created earlier on by people tying to get a foothold.
  • There is only one you need to crack and you probably need a custom wordlist for that.

I got credentials to connect to email os******* agent service, and now I’m stuck on how to become user with this access ?:frowning: I got also several “strange” hashes that I can’t crack.

Finally resolved, it was just an ss* issue.

Hello. I have looked at the hints and cant figure it out. Can someone PM me? I cant get around the email verification issue. I know the @ address.

@ealcorey4 said:

Hello. I have looked at the hints and cant figure it out. Can someone PM me? I cant get around the email verification issue. I know the @ address.

You only need to verify against one thing and it probably isn’t the thing you think it is.

Once you’ve worked out how the first thing works, you can find interesting ways to use that.

Can someone give me any hint for root part ? I found a file with an interesting note (conf**.****) and I suppose I am on the right way, but I’m now stuck.

@UVision said:

Can someone give me any hint for root part ? I found a file with an interesting note (conf**.****) and I suppose I am on the right way, but I’m now stuck.

It is useful. Look at the line above it to find out what it should be used for. Use it there. Get more stuff. Make the stuff readable (based on a hint you may have seen earlier on). Use the readable stuff.

Could I get a nudge? I am feeling kind of dumb here with the initial foothold. Ive read the whole Forum thread and I know I am missing it.

Type your comment> @PacketSlayer said:

Could I get a nudge? I am feeling kind of dumb here with the initial foothold. Ive read the whole Forum thread and I know I am missing it.

Check your inbox :slight_smile:

@TazWake thanks, I will look for this line, I need to understand how this system work. :slight_smile:

Rooted, but I couldn’t submit the flags :blush:

Can someone give me an hint to verify the mail address? Or what else I need to do to get a foothold? Thanks in advance!

Anyone else has problems accessing the helpdesk :disappointed:

I am also unable to go any step ahead after Contact Us, and unable to open del*****.***:**65 . Is it not supposed to be opened? This is my first machine and I cant figure anything out…