Just got the flags about an hour ago. The most time consuming part was getting the syntax of the “message” that opened the rest of the doors.
Anybody able to give me some pointers…
Have checked out the ports that I’ve seen open with nmap and can’t find anything on the pages…
I feel like this isn’t an easy box…
Type your comment> @rancilio said:
Anybody able to give me some pointers…
Have checked out the ports open and can’t find anything!
I feel like this isn’t an easy box…
Not sure how to help but nmaping the target will reveal the right port
Type your comment> @C4P7A1NFlint said:
Type your comment> @rancilio said:
Anybody able to give me some pointers…
Have checked out the ports open and can’t find anything!
I feel like this isn’t an easy box…
Not sure how to help but nmaping the target will reveal the right port
Sorry, I was meant to say that I’ve checked the open ports that were revealed from my nmap scan, but can’t seem to find anything at all on the pages.
Type your comment> @rancilio said:
Type your comment> @C4P7A1NFlint said:
Type your comment> @rancilio said:
Anybody able to give me some pointers…
Have checked out the ports open and can’t find anything!
I feel like this isn’t an easy box…
Not sure how to help but nmaping the target will reveal the right port
Sorry, I was meant to say that I’ve checked the open ports that were revealed from my nmap scan, but can’t seem to find anything at all on the pages.
There’s a clue on the page if you follow that you can get to a different page,look for something that can tell you the address to that page.
Finally, rooted this. Thanks for the help. I have a question though. When using the payload I found that some applications ran in the shell but didn’t work in the payload. Can anyone tell me why? Specifically, when trying to get reverse shell.
hammered it, enjoyed the box but the foothold part for who didn’t experienced that attack technique before will be tricky thou.
got user but i am unable to get privilege escalation. Can someone drop me a hint on how to get root in dm?
@Unkn0wnUs3r123 said:
got user but i am unable to get privilege escalation. Can someone drop me a hint on how to get root in dm?
Have a look at the other service and google the thing you are trying to do.
Type your comment> @Unkn0wnUs3r123 said:
got user but i am unable to get privilege escalation. Can someone drop me a hint on how to get root in dm?
Yeah, go back to your original enum and google some services from that.
I’m trying to esc priv for root access so I got a script that enables me to get hashes in the shadow folder but something’s confusing about the root’s psswd hash; it contains “/” whereas user s**** hash doesnt.
Made me wonder if I have tailed the wrong path. Any hint please…
rooted .
foothold is tough . atleast for me (read noob) . but there are two ways in i could eventually find and both of them worked .
user was easy . stick to methodology (note to self and others)
look higher for root
pm for nudges
I’m having trouble finding the page inside S***** M******** that allows me to try out the vulnerability. Any nudges?
@tanfoglio said:
I’m having trouble finding the page inside S***** M******** that allows me to try out the vulnerability. Any nudges?
Directory enumeration works.
Rooted with some help from guru @Harbard 
Feel free to PM me for nudges! Most hints are already pointed out in the thread so just remember to take one step at a time and be persistent as you should always be.
Hello everyone! I am stuck at D******** S********* M***********. I figured out that is susceptible to S***. I am getting a hard time creating an efficient payload that would bypass potential filters. I would be grateful for some hints, because I am missing something for sure
Hello guys! Any ideas why my reverse shell hangs at the root part? Is it because of the shared instance and something clashes with another user or is it that I’ve messed something? Can you PM me for help?
Type your comment> @mkampo said:
Hello everyone! I am stuck at D******** S********* M***********. I figured out that is susceptible to S***. I am getting a hard time creating an efficient payload that would bypass potential filters. I would be grateful for some hints, because I am missing something for sure
The results of your payload are “displayed” on a different page entirely.
I’ve got access to DSM by updating my h___s file. I’m testing out sending messages but I’m not sure if I need to exploit S__I or X__? Is anyone able to send me a nudge in the right direction? Bit of a noob
Edit: Got successful X__ injection on a____ page… what am i missing?
Landed a shell. My advice: img src r**e sl
rooted. User was relatively easy, root is also not too challenging with a bit of google for that pesky one that blocked you at the start.
Many thanks to @subtilis for his useful guidance.
I got user shell
whoami
s*****
Now I am looking for potential PE vector and I think the answer is in S*****