I got the login page!! … let’s keep going !!..
Definitely not a beginner box…
got local shell but stuck in root
finally got the root! PM if you need nudge
What’s up with this hash? Looks like BCRYPT but hashid says it can’t identify it
Need nudge for foothold
@LMAY75 said:
What’s up with this hash? Looks like BCRYPT but hashid says it can’t identify it
Box maker egotistical said the following in discord:
“Just fyi, no bf or cracking required
If you’re cracking open rockyou you’re doing it wrong”
@cool4coder said:
Hereby I would like to nominate @egotisticalSW officially for the troll-of-the-month-award for outstanding achievements in the field of hacker/pentester/itsec-researcher deception during recon.
Those who found their way to foothold without a hint or nudge from a third party should be rewarded with a hawkeye-badge on their user profile page.
lol
foothold : stay low & basic enum
user: id
root: go higher
Got User, root is next
For User: Enumeration is really the key, but if you need a hint, DM me here or on Discord
For everyone who is struggling just check out the ART image of this box. That’s a big hint.
Rooted. Knock my inbox for hints, but describe where you're stuck.
Has anybody taken a look at the machine’s OpenBSD Secure Shell server after rooting, and is interested in discussing the modification @egotisticalSW has done to it with me in PM?
Getting user was more challenging than I’d expected and now the “release arena” session keeps crashing out on me.
Can anyone help me? I’m stuck after logging in
Quite a fun box! There are multiple (intended) ways to get user and root, so don’t be confused if a hint here doesn’t make any sense for what you are trying.
Feel free to send me a pm if you need a nudge, but please tell what you have already done, and where you are stuck
Spoiler Removed
@LMAY75 said:
Root: Try your original exploit idea again.
Good advice - interestingly I tried it first as well, took me a while to give up on it and look elsewhere.
“root@doctor:/root# hostname && id && whoami
hostname && id
doctor
uid=0(root) gid=0(root) groups=0(root)”
Nice box!
The foothold was def tricky. After I did it I was like: Really?!?!
Spoiler Removed
@wazKoo said:
Wondering how people discovered the 1st exploit S**I on that page. Since it was kinda blind not knowing how to trigger and check the result
Not sure what S**l is in this context. The first exploit I used wasn’t blind. You could see the response in the next page - it’s just that sometimes the browser hides that type of data from the rendering engine.