Official Phoenix Discussion

Finally Rooted!

Box is slow. Is there anything to get with web enum?

I have bypassed the OTP, and logged in with P*****x account. Was able to upload some desired files, but they do not execute. (< converting to &lt;)
Any nudges on what to do next?

Nvm, I was skipping a basic technique. Got the shell now.

Got user. Onto root. The user wasn’t actually hard, but tricky.

Edit: Any nudges for root?

Interesting box. Thank you @jit! Spending time made me learn 2FA principles. Thank you!

FOOTHOLD : dead code shows the way
USER : don’t bother with challenge. See how it is configured and get rid of it.
ROOT : try to understand how the database is backed up.

Can anyone help with OTP, please?.. Is it connected with ba****_***e? Tried to find smth about it, to no avail.

UPD: found another way to get shell, but it is still interesting for me how to deal with this annoying OTP (if it is not a dead-end, ofc) -_-

stuck at 2FA…
there is an exploit but it’ll crash this machine. I’m not sure if it’s the intended way

[UPD] rooted. Choose another way instead of OTP.