Official Pilgrimage Discussion

Aiden · June 24, 2023, 9:35pm

so when i’m trying to read the output of /var/**/*********e , there are so many zeroes in the hex code and it’s erroring out everytime i try to read it. Any hint how to do it?

yelbirb · June 24, 2023, 10:14pm

any hints?

yelbirb · June 24, 2023, 10:18pm

i am also stuck at upload but i used gobuster before

shlot · June 24, 2023, 10:19pm

Someone deleted, restarted the machine and now I got this folder

ph0bos · June 24, 2023, 10:52pm

Pro tip: Dirbuster doesn’t finds git repositories

shlot · June 24, 2023, 10:53pm

In my case a wordlist worked, I just needed to restart the machine because someone thinks that It’s funny to delete files

mrBroccoli · June 24, 2023, 10:54pm

Might I add how frustrating it is, that every few minutes or so, the machine lags to load the website!

yelbirb · June 24, 2023, 10:55pm

so what do i use?

Aiden · June 24, 2023, 10:58pm

for the root, the poc isn’t working:/

I’m not sure what i’m doing wrong

Nightsedge · June 24, 2023, 11:06pm

So are you supposed to see/be able to download the entire hidden directory or do you have to bruteforce it? (or look for a specific file in that directory)

ziadaligom3a2 · June 24, 2023, 11:08pm

pandaxar · June 24, 2023, 11:08pm

Welp, i’ll wait for tomorrow to be able to play this box, can’t even ping the machine properly, so frustrating …

LordPigeon · June 24, 2023, 11:11pm

Can someone DM me a hint for what file I should be looking for with the exploit?

yelbirb · June 24, 2023, 11:12pm

for me too plz

podsrus · June 25, 2023, 1:07am

Does anyone know why i am getting this error? The hex is looking different each time i run the exploit and i get this:

I hope that’s not too much info, i tried to remove the relevent

Adrigm2608 · June 25, 2023, 2:33am

foothold:do fuzzing, don’t just try the typical, try others, from there see what tool the web is using and search in google
user: look at the source code, above in the forum you will find something that will help you.
root: enumeration, and search on google and youtube

Minervva · June 25, 2023, 2:40am

Anyone knows or tested some “untended” way? I’ve found an weird server response, and i not sure if it’s make part of the main path.

mrpunkyx · June 25, 2023, 2:42am

Nice machine, I got a little caught at user at first but once i notice the core issue getting user and root was quite straight forward.

Hints:
User: If you run nmap with scripts and look carefully at the output, you will have no need to do gobuster/fuzz to find the foothold.

Root: look for user-triggered root activity in the machine.

Good luck!

gnos1s · June 25, 2023, 3:03am

I’m stuck at getting the foothold, I have the source code but I can’t seem to work out what to do with it. Can someone give me a hint?

waynegreptzy · June 25, 2023, 3:28am

Very easy box. A nice snack to keep us happy until “Intentions” gets dropped. There are plenty of hints already on this forum, more than enough imo.

Topic		Replies	Views
Official Trickster Discussion Machines	180	5071	January 6, 2025
Official Forgot Discussion Machines	69	6350	March 3, 2023
Official Ouija Discussion Machines	30	3712	January 18, 2024
Official Sau Discussion Machines	381	18492	October 15, 2024
Official Axlle Discussion Machines	95	2379	October 13, 2024

Official Pilgrimage Discussion

Related topics