Official Interface Discussion

Hi, any hints how to find that endpoint ?

They are all in the subdomain, you just need to enumerate it again and again :relaxed:

It is something that always come with the library used in the machine, but it is pretty much a rabbit hole, we could find something useful, but my reverse shell keeps falling immediately after connection

I doubt a easy machine will have rabbit hole. You mentioned reverse shell, so it means you can execute code on it ? If yes then it’s probably not a rabbit hole

Not on it, I can on a completely different path

Piece of cake. 30 mins and done. Nice easy box.

This is the second longest machine I had completed, but looking back it was so easy…

I guess it was because of the new things, and it was absolutely fun to solve together with new people, I thank very much to @hackertheworst who was searching with me since from the begging and also to @Xeiroh who was up until now :heart:

A key to get user is enumeration, look into every directory and don’t fall into rabbit holes (vulnerabilities fixed years ago wont work!), be patient, intercept all the document, and remember that you may not only fuzz with get methods but also with post methods

And for root, just understand what is happening, if you notice a file that is being suspectly called over and over again, check it out and try to exploit it somehow

For anyone needing help with this absolutely crazy confusing easy machine, you can surely call me, at anytime R is always here :heart:
(I don’t even need to sleep :flushed: )

3 Likes

Im completly stuck! Can someone give me a hint? Thanks!

Of course, I sent you a message regarding the topic :heart:

rooted… this box felt like it was all about the enumeration, and i learned quite some things

Just finished this machine, its all about enumeration, however i would rate it on the medium scale rather than easy. For anyone stuck feel free to drop a PM.

Hi everyone, I just have a small question. How do you do a reverse shell on this macine. I did everything, I used the api of dompdf, the rce nothing works. I’ve been at it for 19 hours, please help me, I want to sleep.

Try to enumerate what can be the parameter api/***

Rooted a bit ago. Very few steps, but the exploitation itself is more on the Medium side than easy. Especially important to enumerate well and use more than you would usually do.

Any hints for root?

This is far from being an easy box.

It is a known vulnerability from d****f, which is possible to find online, otherwise I can help you if you need :heart:

1 Like

Look at the running processes and understand from where they come, this should pretty much show you what to do, but of course, I can help you if you need :heart:

I’ve yet to complete the box but I feel I’m close. IMO “Easy” doesn’t necessarily mean you’ll be able to knock it out quickly, generally I’ve found that “easy” boxes are relative to the steps you need to take to complete the box. If the steps are simple but unfamiliar, it can take you hours or even days of reading and learning just to know what to do, but once you know what to do, the steps are usually simple to execute and replicate.

I’ve got root before getting user. I don’t even know how to get the user flag without being root. Is this how the box is supposed to be?