Official Doctor Discussion

MohamS3c · October 4, 2020, 11:33pm

… and Doctor rooted ;
I would like to thank you all for the tips, the one worth repeating is enum enum enum.
thanks to @egotisticalSW for the machine.

caveeroo · October 5, 2020, 9:52am

rooted, foothold was tricky.
for user, linpeas should be enough

for root you’ve got everything you need already

caveeroo · October 5, 2020, 9:52am

if anyone really need a nudge, pm me with details on where you are specifically in the box

thatjoe · October 5, 2020, 3:49pm

Alrighty, so I have finally rooted and box. It was a really fun box. I wouldn’t really call this a easy box, more like medium. There are enough hints in this forum, so i don’t want give away too much and spoil the box. But if anyone needs a nudge, feel free to DM me.

humangarbage0 · October 5, 2020, 6:55pm

Hello Guys, i stuck at the login page i search for different information about the server or other flaws like x** or s**i but i found nothing.
Do you have some hints ?

TazWake · October 5, 2020, 7:13pm

@humangarbage0 said:

Hello Guys, i stuck at the login page i search for different information about the server or other flaws like x** or s**i but i found nothing.
Do you have some hints ?

Look at what you can inject, and then your google searches might be a bit more effective. When you say si, make sure you’ve looked at the right si.

humangarbage0 · October 5, 2020, 7:18pm

Type your comment> @TazWake said:

@humangarbage0 said:

Hello Guys, i stuck at the login page i search for different information about the server or other flaws like x** or s**i but i found nothing.
Do you have some hints ?

Look at what you can inject, and then your google searches might be a bit more effective. When you say si, make sure you’ve looked at the right si.

I think about sli or sti but i’m not sure…

Worty · October 6, 2020, 9:41am

Hi !

I got a certain… string in a file of the server for the user password, am i on the right way ?

Thanks

TazWake · October 6, 2020, 9:47am

@Worty said:

Hi !

I got a certain… string in a file of the server for the user password, am i on the right way ?

Thanks

Probably

EDIT

Turns out, no, it isn’t the right way in this specific case.

krishnavamsi · October 6, 2020, 1:36pm

Can anyone help me?
I’ve been trying for a couple of days to get past the S***** MG. I know I have to use SI but can’t get any kind of response. I checked for all pars. And I don’t how A*** is useful

Worty · October 6, 2020, 1:37pm

Type your comment> @krishnavamsi said:

Can anyone help me?
I’ve been trying for a couple of days to get past the S***** M***G. I know I have to use SI but can’t get any kind of response. And I don’t how A is useful

Keep trying, you are on the right way, sometimes, response are hidden

Worty · October 6, 2020, 2:26pm

Finally got root, that was an interesting box !

Dm me if you want hints but there are already a lots of them in the discussion !

Thanks for the box!

Andres7ll · October 6, 2020, 5:58pm

Fun box!! Thanks @egotisticalSW ! on the border between easy and medium

If anyone nedd help, pm

braj · October 6, 2020, 10:37pm

Looked into all kinds of files and read through my linpeas output numerous times and still cannot find anything to get user. Can anyone msg me a nudge on what I should be looking for? Strings’ing all different kinds of files has not been fruitful.

TazWake · October 7, 2020, 9:35am

@braj said:

Looked into all kinds of files and read through my linpeas output numerous times and still cannot find anything to get user. Can anyone msg me a nudge on what I should be looking for? Strings’ing all different kinds of files has not been fruitful.

Manual enumeration works well here. Grep is helpful. Think about how the application works, what users might do by accident and where that would be captured.

darvidorold · October 7, 2020, 4:30pm

Finally rooted. Many problems with initial foothold. Specially with fucking quotes. super noob. User was quick but I don’t like it much. root also quick with a bit help. Best part the foothold. Thanks for the help given. If anybody require help PM.

crash0 · October 8, 2020, 9:31pm

Rooted.
I got the foothold two different ways. One being the all things thingy, as expected, and the second one from a certain tag that I have absolutely no idea why it works, but it does, straight to a reverse shell even. Using a few ifs.
Can someone pm me about that second case?

Path to root is straightforward, just google it.

Harbard · October 8, 2020, 11:58pm

I’m late to this party, but finally rooted. Interesting box to say the least. The thread definitely has everything you’d need for hints. Feel free do DM if you need an extra nudge.

cmoon · October 9, 2020, 6:02pm

Phew, took me long enough but eventually got root. Shoutout to @Darvidor @caveeroo @limelight @he110w0r1d @exord26 for all their help and nudges.

Plenty of hints already but feel free to reach out if you’re stuck

PapyrusTheGuru · October 11, 2020, 7:39am

Found the s*c*u*e m*s*ag*ng platform, made an account… hopefully I’ll be able to make some progress.

EDIT: got hashes… this is getting interesting.