Official Trick Discussion

Enumeration is the key. That user can’t write, but it can read. Use what you have to find more. What don’t you know?

1 Like

Good box! My fundamentals are pretty spotty so always good to do easy boxes that highlight those! Very easy to walk past easy stuff because you assume it will be more difficult than it is.

Found a page L** available and checked r*m* has write priv, so tried to upload shell with s**m**, but failed… Seems I need to find another way, but I’m not sure…

Ok brother, I got admin panel, but stuck in it, any nudge?

I’m a little stuck on how to use the L**. I’ve been trying to leak the p * p s * * rce code (and thus find the u * l * * * d?) but could not find anything interesting. s ** p b* * * e f * * * e is quite slow, and I’ve been having some trouble extracting particularly interesting information from s * * p. How are you finding the additional user who can read/write stuff, and accessing it?

1 Like

I found creds for user r*** but I don’t know where I can use them. Is it the right way? Where can I use the creds?

I’m stuck. I’m admin on the web app (p*****-p******.t***.h**) and found an x** exploit on the website. I’ve got the users on the s ** p and found nothing interesting with the L** in i****.p**. Maybe there is something interesting with the a***.p**?

EDIT: I’ve found the L**

I just need who can write because I only have the “bk” details to be used. That’s basically my speciality. I can successfully pull out in “cry*”.

Stuck for 2 days, can you give me a nudge?

Can someone please give me a nudge on what to do with the s**p port that comes up on the nmap scan? I have been stuck on it forever.

1 Like

I see a lot of people stuck on the same places. So I will give what I believe to be very general hints.

Getting Started: You need to use your basic enumeration skills on the ports you find. You will find something to look at. Just make sure to read out the results carefully.
Getting User: Just because something looks extremely juicy, doesn’t mean it is the only way in. Look at what you have and what else might be out there that you haven’t found yet.
Getting Root: Google, Google, Google

5 Likes

Did someone find something interesting with the d * * * b * * * directory?

Directory busting is giving me nothing. Can someone please give me a tiny hint on what I should do? I looked at the nmap scan too, but the only thing that I could find is the s*tp, but I don’t understand what to do with it.

I have done everything you have said and I am still with nothing. I can’t do anything, pls help 😂

I find it unlikely that you fully enumerated all ports and found nothing. Again, look carefully at the results of your commands. Message me about the things you have tried if you actually find nothing.

I have found the ports of tcmp and nds-nsdi, but I don’t know what I have to look up from these ports.
I did an Nmap enumeration with -sC and -sV.

I do not know what you are referring to. Are you sure you are scanning the right box?

Finished this up earlier. If anyone is stuck… Send what you’ve tried and I’ll help point you in the right direction

5 Likes

Found something in source, but got “failed to open stream: Permission denied”. Is it a rabbit hole?

1 Like

For people that didn’t find anything with nmap…
Maybe you were as stupid as I was and did not download the release openvpn access data but used some old one…

After using the right openvpn thing, the light is on lol
Hope that is entertaining for some 🙂