Thanks everyone for the Hints.
USER:
- If anyone needs user assistance you can DM me. I can’t really say without giving too much away in a post.
(Advanced) enumeration can take really long here if you just brute-force, but e.g. SecLists has something that can vastly reduce the number of requests you need.
Working on root, I can see the priv esc vector but could use some help on crafting the payload. Someone DM me?
Suffice to say this was far from my favorite box, but it’s done.
Privesc wasn’t that difficult.
If you can just read the flag but still want to get a shell, you can try Metasploit.
Thanks @joher for the Ffuf hint. Made the whole scanning a lot easier.
What wordlist should be used? I have tried SO MANY
Interesting, there’s 2 ways to enumerate the initial foothold.
2 ways, or just multiple tools doing roughly the same thing? I’ve talked to folks that have used Intruder in Burp and ffuf, but they both were used to more or less do the same thing.
Yes, ffuf and Burp can do the same type of enum, but ffuf is 10x faster (or you must have Burp Suite Pro).
I have uploaded a Python file to get a shell, but when I open the file in the browser it is downloaded instead of executed! I am thinking I should find a way to upload it to a different file to be executed!
Am I looking in the right spot?!
What a pain of a box for easy lol. Rooted.
Root’s not too bad, you’ll know what to do pretty quickly.
DM me for a nudge or assistance. I’ll try to help as much as I can without giving too much away.
rough…
Oh, after I got the root flag with the helping hints I was trying to get a rev shell as root …
For those who are interested, it is also possible to get it by just adding an e******* command within the PoC.
Pretty good one… thanks also for the helping hint.
Very nice and easy box, kudos to the author. If anyone gets stuck feel free to PM me.
A bit of a scuffle, but possible (wouldn’t say the box is “Easy”). For the user part, either a good wordlist, educated guessing or a lucky guess is required.
Privesc was not that hard, even though a bit of research is required.
DM for hints (I won’t spoil anything relevant, just giving hints).
Wow, user was tricky, DM if you need a nudge :)
Hello!
I’m kinda stumped - do I fuzz subdirs and vhosts? Or the “upload” part is the intended way?
Any hint is appreciated, ty in advance