Official Runner Discussion

Okay bro got it.

Finally pwned, follow the clues above for user flag and create a container exploiting a vul to root flag.
Send me a message if you need help

1 Like

I’ve sent you a message!

what do you say with that

Hello guys, hope you’re all fine.
I began working on Runner but got stuck at enumeration with gobuster.
I read about gobuster in vhost mode, despite several scans and DNS and vhost, no results. I then read that a personalized wordlist would be consistent here but I don’t understand what to base it on, no conclusive results in the little enumeration that we can do, and no additional information on the web server. A little hint or an explanation on wordlist customization?

If you have the Seclist wordlists, check out some of the DNS wordlists
Seclists > Discovery > DNS > pick a couple to scan with if you get nothing on your first scan. I checked a couple and they have what you need.

It would be good to go back with CEWL afterwards, if only to get familiar with the tool.

Thanks. I’ve a little question: I know what I have to find and it’s in some of these wordlists, but gobuster doesn’t find them. I tested in vhost mode and in dns mode, but I tried to increase threads because it’s very long; can that be a problem for findings?
Ty

I used gobuster vhost too. Try adding the --append-domain flag and I went at 50 threads -t 50. gobuster vhost -u http://example.com/ -w wordlist.txt --no-error -t 50 --append-domain
You could also try with one of these if you can’t get vhost to work:

There are probably other ways to search but I used gobuster vhost with a seclist dns wordlist. You’ll get it if you’re persistent.

2 Likes

Hmm. Please DM me about this and show me the command you’re using.
When I did this part, the scan only took a minute or two - so there might be something wrong. Get in touch and I’ll try to help clarify

1 Like

Thanks! Got it, big thanks for your help. Going through now.

1 Like

Thank you, that’s OK, I’ll be fine, I’m learning. I added --append-domains and it worked; I searched about it and understood. Thank you.

How can I find the password for matthew? Can someone help?

I was able to retrieve matthew’s password, but it seems not to be working currently; try to find another way.

Can someone help me with the root?

Fun box. Foothold wasn’t too bad (just do some research once you find the page) but it took me a while to find what I needed for user, didn’t check the right places. Not sure about root though… LinPEAS doesn’t seem to have found much of interest, and I’ve not seen any interesting files.

You prob need to re-look at what “LinPEAS” gave you. Look properly. And maybe letter-by-letter.

Can anybody nudge me for the foothold? Is there anything to do the tc version?

1 Like

is d***** a rabbit hole?

Hello Guys,
I tried to upload some tools but they’ve been deleted immediately.
Did you have the same problem?

Thank regard

Hello guys, I’m stuck trying to get the root flag. I believe I’m very close, but I’m missing something. I’ve already created a c********, but I can’t access it through d*****. When I try to connect, I keep getting ‘permission denied’.