I have user but had to watch a video tutorial (sorry to say). I’m curious if others can share how they enumerated (private if you would). I used traditional nmap, nikto, dirbuster, and searchsploit for what I was finding and got nowhere. I did not find this intuitive at all. The most helpful hint of all was the h***s file hint. Again, my first hack, and definitely learned trying too hard is not the way to go.
I have user but had to watch a video tutorial (sorry to say). I’m curious if others can share how they enumerated (private if you would). I used traditional nmap, nikto, dirbuster, and searchsploit for what I was finding and got nowhere.
If you visit the page, the information is there.
I did not find this intuitive at all. The most helpful hint of all was the h***s file hint. Again, my first hack, and definitely learned trying too hard is not the way to go.
Don't focus too much on tools. Opening a site in a web browser is often very effective.
Rooted. This was a nice fun machine, but it did highlight a serious problem that is very common. @ippsec, great machine, and looking forward to many more.
Hi guys, thankful for the hints, was able to raise a t***** and log in using what was presented. I need a bit of a nudge, am I going in the right direction by uploading a certain PHP file on the h******* and so on (trying to not spoil anything here) or am I going down a rabbit hole again? Would appreciate some guidance! EDIT: Thanks for the nudge @Obtru3sion and @TazWake, tackling this box again tonight.
I just got user and moving to root. This thread really helped me keep things simple. I would have gone off the rails trying all of the complicated things first! Now off to root…
This was a fun box. Learned some cool tricks with the cat.
Thank you @ippsec for the creation of it.
There are enough hints here and from ippsec to do it all.
And rooted! Thanks for the tips guys. Would like to additionally point out that to get the initial foothold for user, document everything shown, especially once generating a t***** on the h*******. Root was much easier and quite fun actually.