Official Format Discussion

Yovecio18 · May 15, 2023, 11:28am

As @ooscubyoo mentioned you have to add FQDN to your hosts file…
I did same silly mistake and lost half day on it

gio_da_sicilia · May 15, 2023, 11:49am

Thabk you very much. Yes I have already added to /etc/hosts all the information of app.xxxxxx.xxx and also of the blog that I have create.
I think was a problem of connection because I have checked that I lost always the ping connection

Yovecio18 · May 15, 2023, 12:06pm

Anyone want to help with escalation to PRO user?
Feel free to DM me

viksant · May 15, 2023, 12:41pm

To all those struggling with pro user:
Keep in mind what type of DB is running on the background to check everything. Also that the http server is built on n***x.

Maybe it’s missconfigurated?

Google is really your friend here! try to link up both concepts.

N4v4S · May 15, 2023, 1:28pm

Need help for getting pro, please DM.

Aiden · May 15, 2023, 2:51pm

how to go from www-data to user? Any hints??

Timsu · May 15, 2023, 3:05pm

Have tried pretty much everything I know of, but still cannot get pro…

alic3 · May 15, 2023, 3:26pm

i feel you i can leak stuff. i kinda get the structure of the web server but i cannot figure out how to reach redis with that informations i got here.

viksant · May 15, 2023, 4:05pm

okay, to all those struggling with the machine:

Foothold: As the machine creator itself said: get pro. To do so, you need to keep in mind what DB is running behind, and how to interact with it using the web page’s “Engine”, look for some obvious files… and try to link up both concepts using google. Once you manage to go pro, look at what you can do by reading the source code!
User: Some basic enumeration.
Root: Box’s name. Google is your friend. Once again, keep in mind what DB is running in the backend.

Hope y’all get it!

MrKawasaki · May 15, 2023, 4:13pm

Is there someone I can PM to get a nudge on what to do after getting pro? I think I know what I need to do next but I am having some difficulties with doing that thing.

Thanks!

Chino1608 · May 15, 2023, 7:32pm

What is running on the system? What can’t we see? Or we can see if we want?

viksant · May 15, 2023, 7:57pm

that’s a huge spoiler bro xD

BenKen · May 15, 2023, 10:05pm

need hints … Simple#3503

cypher47 · May 16, 2023, 12:06am

Can anyone dm with help on foothold?

ph0bos · May 16, 2023, 4:11am

Finally rooted. This is a brainfuck if you’re completly new.
USER HINT: Read, read, read the source code. If you see what’s working on the page, the exploitation is very logic when you connect the pieces, especially when you consider the r***s db and how communicates the page with the database. Read and you’ll see how to get pro. (or maybe *set pro)

ROOT: If you’re not a master with python, you’ll need to google. There’s articles there that teaches you how to exploit the machine name!

As always, thanks to @Paradise_R for the help. DM if you need bigger hints!

philldav1 · May 16, 2023, 5:07am

Think it was the hardest for me to understand how to interact with r***s in the beginning to get pro . I think this box is closest to hard

0xlich · May 16, 2023, 5:45am

Anyone available to bounce some ideas on how to interact with the famous keys service?
I’ve been hitting my head to the wall trying to make this work or do anything for me.

Yovecio18 · May 16, 2023, 9:34am

DM me if you need help

rostbond · May 16, 2023, 10:10am

Great thanks for your help, @Yovecio18 !!!

hackw3ll · May 16, 2023, 10:32am

hi ! anyone around for a nudge on getting pro?