Official Shibboleth Discussion

Official discussion thread for Shibboleth. Please do not post any spoilers or big hints.

1 Like

Alright alright, I’ve been on the machine for a few hours, I might have a idea but I’m not sure how to exploit it, may I have a hint please ?

didnt really get the time to play around… got possible path to fh… exploits are also there… but seems like nothing really hits the right spot. Will play around later though!

google is your best friend for the foothold - search for the service that you have found and look at the website for another acronym

##BF#pumkin## pass

[details=“Summary”] :wink:
This text will be hidden

Finally rooted. Very nice box. Learned 2 new things. DM on discord if you need a hand kavigihan#8518

1 Like

Nice machine, good enumeration is key for foothold, be precise with your scans. Had a lot of fun and learned new stuff. Thx to the creator

This is a fun box. It took me a while to realise the entry point but largely because I was overfocussed on the first enumeration. When the penny dropped and I checked a different protocol it worked well.

Rooted. This was a great box! Learned a few new tricks. Great way to relax from the harder boxes.

My hints are no different than anyone else’s:

  1. Foothold - Enumerate! Pay close attention to your scans. When it doesn’t show, scan it again.
  2. User - Look at the services shown by NMAP, one of them will give you the keys to get in the door. Once inside, poke around and see what you can do to make the system do things for you. It helps to review the service documentation.
  3. Basic enum and privesc techniques along with a (pretty cool) vulnerability for an application running on the box. It may not stick out, but pay attention and don’t overthink it.

PM for nuggz.

Really nice box.
RCE: enum till you find something odd, once you find that, google will lead you to RCE.
User: this one is really simple, try with whatever you find on your way to RCE.
Root: something is vulnerable for that you will need a way to access it.
If you still need help. Discord:- luckythandel#6053

and Rooted ^^
nice easy one, for a change!
PM if stucked

Rooted, that box was oddly easy for me. Progress, finally?

For those who still struggle to get a foothold on the box, double check your scans. I lost quite some time because my first scan didn’t show me the results needed to go further.

Apart from that, cool box !

Rooted. Getting to root was pretty cool and something i hadn’t done before.

Thanks for another box!