I have 2 301s, but when I try to visit the page I am getting a 404
getting user requires using a unique zip name fyi
you have to fuzz them further with different wordlists
Rooted! I liked this machine so much because I had never used BurpSuite and this was a very good start with this amazing tool (also, take a tip for the root flag hehe)
User flag is kinda easy, you just have to google for exploits of the available services (as almost always) but also the version!
Hello,
Can someone help me? I found the CMS based on this forum (even if I don’t understand how you can be sure it’s this one…). I think I found the correct exploit, but whatever I tried, there was no way to make it work.
Any help will be welcome!
[EDIT]
Not so easy! If this is an easy, I fear the intermediate! Without this topic, I won’t be able to solve this!
Started this yesterday and just got root now. A few observations after reading all the posts here…
- The early comments about a certain reverse shell already being left on the target by the creator are no longer applicable, at least as far as I could tell. It must have been patched out.
- I did not have to do any rebooting of the VM; I guess I’m late enough in the cycle of people pounding on the target where it’s just me working this target (in VIP).
- I actually didn’t have to modify the foothold exploit script at all because, well, I found a version which clearly had already been modified…and along with it (in GitHub) was the main thing I needed, besides `exploit.py`, to get it to work.
- After foothold, enumeration was the key, and once I found what I needed I got user nearly immediately.
- The path from user to root was not as obvious or easy for me as it evidently was for others based on the above posts in this thread. I quickly found the service of interest and, once I accessed it, I saw it was reading certain files on the target. The suggestions to use Burp helped, but again, trying the most obvious thing kept finding nothing “suspicious”. The tip above about thinking how the service works and how it could be reading the files really helped me. In my case, I started thinking along the lines of how certain injections work and that gave me what I needed, after some stumbling around, to get the flag. Some people evidently found something that let them escalate to root quickly by executing something. I didn’t do it that way and I’m not even sure what they are referring to. (If any of you all that did it this way want to PM me what you did I’d be interested in seeing how you did it.)
This comment helped me. I was using a different exploit that wasn’t working. I was stuck for hours. I found the exploit you are talking about. It worked!
I believe this is because the original exploit I was using tried downloading the php shell directly from the GitHub repo, but since these machines can’t access the internet it was unable to download the shell script.
I hope my pain can help others. (I know I’m a bit late lol)
Hi guys, need some help please with the box. Can’t gain the initial foothold. The contact form looks promising since it really is communicating with my machine, but I don’t know how to leverage that to gain access.
There is a readme on the box that mentions the CMS and a version file that mentions the version. The readme filename isn’t in all the wordlists so you may need to try a few before you get a hit.
ROOTED
User Flag
Didn’t like the user exploitation that much. It seems so… Random(?). It requires random enumeration that probably you wouldn’t normally do, the URL to use for the exploit is too random, but still it is not that difficult to exploit. It’s the first machine among the currently active easy ones that requires you to adapt the exploit in order to actually work. Nothing difficult but still a first approach to this mechanism.
Privilege escalation
Solved in a bunch of minutes. Browse for other services, and eventually you will read the file you need.
I liked the box, it was fun
User: wasn’t too easy for me (the problem was, once I started the box I tried for a bit and came here to get some hints, they helped but at the same time made it hard for me so I thought it was kinda impossible to figure it out myself)
Root: was very easy and straightforward, it took me less than 10 min (5 for linpeas)
good luck
Fun box but I can def see why it has lower ratings. I don’t believe it’s an easy box at all. Lots of editing and crafting to get things to work, at least for me.
Not an easy box for beginners, the root flag was only a lucky guess causing an error