Official Doctor Discussion

whoami

root

id

uid=1002() gid=1002() euid=0(root) groups=1002(*****)

No easy box at all. Foothold and user were just insane, would never have got those without helpful nudges from the good people of the forum. Root was a piece of cake though, assuming I went with the normal path.

Rooted. Thanks to @ArtemisFY for helping me sort out where I was getting lost.
IMHO, there’s a misconception on the classification easy-medium-hard-insane which is not really related to the true “stiffness” of the box.
hints:
foothold: once you find it, be kind and leave a message asking what you want.
user 1: your favourite enum scripts will tell everything.
root: google the high one.

Edit:
Wanted to add that this box taught me a lot more than many other “hard” boxes, so thanks @egotisticalSW

Thank you so much @bertalting and @Smyrie for the nudges on the initial foothold. I guess I was a little cocky because of the “easy” label of this box. Turns out, it wasn’t as hard as I was making it out to be. I overlooked one small detail. The nudges helped me see what I missed.
Getting root was pretty hectic, but it all came down to google fu. It was easy enough, just a bit tedious.
All in all, this was pretty humbling for me, I came into it pretty cocky then immediately realized I am NOT Mr. Robot. But seriously, thanks @egotisticalSW for this box!

Not an easy machine for me, learned new things, sometimes boxes like this point me to great articles.

I feel like I’m somehow overcomplicating things here, I can’t get the shell to pop at all through D***** S***** M******** and the A******, anyone mind helping me figure this out?

@pizzapower said:

@wazKoo said:

Wondering how people discovered the 1st exploit S**I on that page. Since it was kinda blind not knowing how to trigger and check the result

Yeah, I agree, that was a bit obtuse. I figured it out pretty much from luck and viewing source because I found it odd that this page existed, but nothing was there. It was kind of sticking out like a sore thumb.

It’s an odd vuln for an easy box. Not even X** but a really specific offshoot.

I tried many injections into the DSM login page but without success … I saw something with GZIP in HTTP, I will start doing some research about it!! Could someone guide me if this is the right way!! I'm still looking for the user!!

@H4FN said:

I tried many injections into the DSM login page but without success … I saw something with GZIP in HTTP, I will start doing some research about it!! Could someone guide me if this is the right way!! I'm still looking for the user!!

I’ve no idea - it doesn’t ring any bells with me, which implies it might not be the path you need.

Think more about S*** and there are some good articles which can help you build the payload you need for this, or even all the things.

I’ve no idea - it doesn’t ring any bells with me, which implies it might not be the path you need.

Think more about S*** and there are some good articles which can help you build the payload you need for this, or even all the things.

I tried * doing rocking the password for admin. I modified some Python script for this without success too. Right now I'm losing my way with this box.

Finally rooted. That was no easy box. Definitely learned a lot though. Thanks @SanderZ31 for the nudge

Foothold is definitely something I have not seen before. I needed a nudge in reading through these posts to catch on.

FOOTHOLD: The developer left a breadcrumb. The doctor knows about a different type of injection.

#whoami && id && hostname
root
uid=0(root) gid=0(root) groups=0(root)
doctor

Found a template in the ‘services’ directory, don’t know what to do next.
Any idea?

This box comes with Blind SQLI ! I will start my new research about it !!

If anyone is still stuck, DM me for hints.
Explain where you are stuck.

Not for beginners.

Spoiler Removed

Spoiler Removed

@H4FN said:

I’ve no idea - it doesn’t ring any bells with me, which implies it might not be the path you need.

Think more about S*** and there are some good articles which can help you build the payload you need for this, or even all the things.

I tried * doing rocking the password for admin. I modified some Python script for this without success too. Right now I'm losing my way with this box.

There might be some confusion. The product you mentioned is not the way to get a foothold.

This box is a solid medium one. Definitely not easy.

  1. One word: “Ginger”. But to jump into the machine, you need to either know a lot about Python, or try REALLY hard. All kinds of magic are going on there.
  2. It’s about the command named like the most famous combinator (if you know it – you know it). Check the output, grab the key and use it on the lock.
  3. whispers: the highest port, you have everything for it.

Totally got stuck with that si for the last 24-30h. Trying different places and different payloads without any success… I think it's pe or n**t params but I’m not sure… maybe not.
Can somebody please send me a good article which can help, or a little nudge in PM about what I’m doing wrong? I’ll explain what I already did. Thanks guys!