Official Sea Discussion

i have 2 301 but when i try to visit the page am getting 404

getting user requires using a unique zip name fyi

you have to fuzz them further with different wordlists

Rooted! :smiley: I liked so much this machine cause I had never used BurpSuite and this was a very good starting for this amazing tool (also, take a tip for the root flag hehe)

User flag is kinda easy, you just have to google for exploits of the available services (as almost always) but also the version!

Hello,
Is someone can help me? I found the CMS based on this forum (even if I donā€™t understand how you can be sure itā€™s this oneā€¦), I think I found the correct exploit, but what ever I tried, no way to make it work.
Any help will be welcome!
[EDIT]

Not so easy! If this is an easy, I fear the intermediate! Without this topic, I wont be able to solve this!

Started this yesterday and just got root now. A few observations after reading all the posts hereā€¦

  • The early comments about a certain reverse shell already being left on the target by the creator are no longer applicable, at least as far as I could tell. It must have been patched out.
  • I did not have to do any rebooting of the VM; I guess Iā€™m late enough in the cycle of people pounding on the target where itā€™s just me working this target (in VIP).
  • I actually didnā€™t have to modify the foothold exploit script at all because, well, I found a version which clearly had already been modifiedā€¦and along with it (in GitHub) was the main thing I needed, besides exploit.py, to get it to work.
  • After foothold, enumeration was the key, and once I found what I needed I got user nearly immediately.
  • The path from user to root was not as obvious or easy for me as it evidently was for others based on the above posts in this thread. I quickly found the service of interest and, once I accessed it, I saw it was reading certain files on the target. The suggestions to use Burp helped, but again, trying the most obvious thing kept finding nothing ā€œsuspiciousā€. The tip above about thinking how the service works and how it could be reading the files really helped me. In my case, I started thinking along the lines of how certain injections work and that gave me what I needed, after some stumbling around, to get the flag. Some people evidently found something that let them escalate to root quickly by executing something. I didnā€™t do it that way and Iā€™m not even sure what they are referring to. (If any of you all that did it this way want to PM me what you did Iā€™d be interested in seeing how you did it.)

This comment helped me. I was using a different exploit that wasnā€™t working. I was stuck for hours. I found the exploit you are talking about. It worked!

I believe this is because the original exploit I was using tried downloading the php shell directly from the Github repo, but since these machines canā€™t access the internet it was unable to download the shell script.

I hope my pain can help others. (I know Iā€™m a bit late lol)

Hi Guys, need some help please with the box. canā€™t gain the initial foothold. contact form looks promising since it really is communicating with my machine. but donā€™t know how to leverage that to gain access.

There is a readme on the box that mentions the CMS and a version file that mentions te version. The readme filename isnā€™t in all the wordlists so you may need to try a few before you get a hit.

1 Like

ROOTED

User Flag

Didnā€™t like the user exploitation that much. It seems soā€¦ Random(?). It requires random enumeration that probably you wouldnā€™t normally do, the URL to use is for the exploit is too random, but still it is not that difficult to exploit. Itā€™s the first machine among the currently active easy ones that requires you to adapt the exploit in order to actually work. Nothing difficult but still a first approach to this mechanism.

Privilege escalation

Solved in a bunch of minutes. Browse for other services, and eventually you will read the file you need.

I liked the box, it was fun

User: wasnā€™t too easy for me :frowning: (the problem was, once I started the box i tried for a bit and came here to get some hints, they helped but at the same time made it hard for me so I thought it was kinda impossible to figure it out myself)

Root: was very easy and straightforward it took me less than 10 min (5 for linepeas)

good luck

Fun box but i can def see why it has lower ratings. I donā€™t believe its and easy box at all. lost of editing and crafting to get things to work at least for me.

Not an easy box for beginners, the root flag was only a lucky guess causing an error