did happen to me, had to stop and start the machine, it worked for me
Thanks for the replies @Bl4ckKn1ghT and @s1l3ntmask, was starting to think it was something on my end.
Can someone give the hint from zzinter in ssg to root?
yup. Ain’t no way this is a medium box. Not even close!
Its very clear none of us know much about CA’s ■■■■
you can say that again! dear god this is a hard one.
true
i found the xss but nothing more, any help?
foothold?
Once you register there is one vulnerability that could get access to /etc/passwd but in this specific case it doesn’t. Try searching how you can gain RCE via this vulnerability
I got webshell but cant find any credentials for ssh.
Do I need to get reverse shell for a more stable terminal?
This box is absolutely kicking my a** Man what a hard box
“Do I need to get reverse shell for a more stable terminal?”
This is always the case isn’t it!?
Did you search the home dir to the user you got access to!?
Jajajaj yeah I know.
What I meant was if instead of looking for ssh credentials with the webshell I should focus on a reverse shell using nc.
I found two users in the home folders. But cannot see the contents of those folders
What user did you get access with!?
I have always sucked at understanding certs…and this box just reinforces that
Same bro I cannot figure it out
this box is mislabled, it should have been tagged as hard (or insane) and named certs.
www-data
Pretty hard for medium box.
Check his home directory