I have a ssh session as p******** but that seems like overkill. Taking a break now. Will return to try and get to user.
Rooted. Interesting box. Especially the path to user. What others have said about the emphasis on enumeration holds true.
- Foothold: Understand how the web server works. What interactions are going on behind-the-scenes? How much control do you have?
- User: Enumerate. There should be some things that really stand out. Figure out what they are and what theyāre for. Good lesson in Google-Fu.
- Root(first part): You have access to something new. Honestly the path forward from there is pretty straightforward. If you find yourself needing something, just think about what might have saved it. It should be fairly close by.
This was my first time leaving hints. Hopefully I didnāt overstep. If anyone needs any help., donāt be afraid to DM.
Edit: Found out that my root path was invalid. Someone before me left something changed. I thought it was too easy. Iām going to leave my root hint up since it still applies to the first part. When I get time Iāll retackle the box the right way.
2 Likes
after shell how to privsec
how to privsec from p********
just rooted the boxā¦ make sure to check the premissions of āthatā file carefully so you wouldnāt go down the rabbit hole lol
fun machineā¦ nice work mtoā¦
I used the āmax-retries 2 and the data length and found 2 ports.
Anyone try Nikto or Zap on this?
nikto yeah , but doesnāt help.
As Ippsec said: know your tools and how they work.
When you hit a static website, there must something elsewhere
hi friends i have found subdomain and found the potential db any nudge please.
sure ! DM
stuck on that sh**** sim******* part ā¦ any clues ? I can read some files and execute some sandboxed commands but nothing works
Hi can anyone give me a slight hint to what direction to take ive also tried subdomain checks used ffuf wfuzz dirb and gobuster and nothing interesting , thanks in advance for the help!
If you missed the subdomain, you should use another wordlist.
I canāt proceed after finding the subdomain, can you give some hints?
I rooted the box finally !! really really nice machine ā¦
my hint are the followring
enum with the newer -dev version of F*** the other itās not always working well ā¦
once you are there think every single thing manually youāll find the answer and the initial accessā¦
I heard some people complaining that the box is not very stable ā¦ try append a child 
the privesc iāts really straighforward! hope this can help and none flag me for too much hint!
any hint for user flag??
I can help get to user. Iām still trying to figure out root.
1 Like
iām confused where to dig
Hi all, Iām searching for a token in order to enter the jā¦ application. Iāve found a command that can theoretically give me the tokens, but I always get an error. Am I on the right track? Does someone hjave a little hint?
Thanks!
Rooted.
Some good hints here. I think I took a circuitous path from foothold to user.