Official Unbalanced Discussion

@Aydeen said:

Really confused… I know I’m supposed to some sort of injection exploit on the login page, but am not getting any responses whatsoever no matter what I type in. Is this an issue with the box or me? Or am I just going down a rabbit hole?

You might be hitting the wrong login page.

This box was great. I learnt a lot
thanks again to @TazWake (i think he should be seriously going for beatification for his kindness) and to @trab3nd0 for the sanity checks.
foothold: enumerate…enumerate…enumerate. mind the gap: " is not ’
user: very funny…if you’re lucky like i am, you already done something similar in the past, so you can simpy adapt and reuse the code: it’s always a joy to see the string grow…
root: well, this is a simple yet original path…the hint is in there. just read and sploit it.

Stuck on finding the CIDRs any tips will be appriciated :slight_smile:

@abogaida said:

Stuck on finding the CIDRs any tips will be appriciated :slight_smile:

There is a client for the thing you need to query. You may have to install it though.

Once you install it, you can use the loot you find in the files to access the thing you need to query and get information such as this.

Finally:

root@unbalanced:~# id
uid=0(root) gid=0(root) groups=0(root)
root@unbalanced:~#

Thanks to @m1r3x for the bit of help! Thanks to the creators for such a good box, I got the opportunity to learn so much! Also the tips from this thread were pretty helpful for keeping my sanity :smiley:
Even if I spent some time on this machine, it was definitely worth it!
If anybody is looking for a little help, feel free to dm me!

Can someone help me, I can’t find the file which contains the info to foothold. I had downloaded all the files from the rsync, the day this box was released. Went through each of them for the 5th time now but can’t find anything useful. Maybe I don’t have the knowledge of something required to move forward and overlooking important things. I don’t know.

@gs4l said:

Can someone help me, I can’t find the file which contains the info to foothold. I had downloaded all the files from the rsync, the day this box was released. Went through each of them for the 5th time now but can’t find anything useful. Maybe I don’t have the knowledge of something required to move forward and overlooking important things. I don’t know.

You might be overlooking the important bit. Remember the things you are looking for can be spelt in a few different ways depending on how people shorten the word.

Do i must bruteforce to decrypt hash files?

Edit: nevermind i got it

I have the sq***.conf, now what? any nudge?

root@unbalanced:/# id&&date
uid=0(root) gid=0(root) groups=0(root)
Tue 15 Sep 2020 12:49:50 PM EDT

Thanks @polarbearer and @GibParadox

very well designed and fun box!

@0xstain said:

I have the sq***.conf, now what? any nudge?

Use the information it contains. It will allow you to use a client for that server which gets very useful data.

Ah the bottomless sq***.conf file :joy:

well… I can’t do anything more. What do I do after getting the e**fs encrypted files? I need to break it? how?

Type your comment> @tBaD said:

well… I can’t do anything more. What do I do after getting the e**fs encrypted files? I need to break it? how?

Google it

How am I supposed to inject the command I need without Burp? I can’t feed it through both proxies.

Nvm… I swear every time I ask something I figure it out right after

well… I don’t understand yet, I need to crack the password of them? or I’ll find the pass in bypassing the s**id?

Type your comment> @tBaD said:

well… I don’t understand yet, I need to crack the password of them? or I’ll find the pass in bypassing the s**id?

There’s a file that should be of interest to you in the stuff you downloaded.

I’m struggling a bit with this box and could do with some help.

I have all the config files but I think I need some IP addresses. I’ve written a python script to sweep the range I have but this only finds one. I’m now looking at the client for our eight limbed friend to see if this can give me the info but I can’t get it to work. I get access denied. I suspect this might be command syntax but I’ve tried a number of permutations without any joy.

As always any nudges would be much appreciated.

@sloth1985 said:

I’m struggling a bit with this box and could do with some help.

I have all the config files but I think I need some IP addresses.

Yep

I’ve written a python script to sweep the range I have but this only finds one. I’m now looking at the client for our eight limbed friend to see if this can give me the info but I can’t get it to work.

You have the information you need to use the client for that eight limbed creature. Using that client can get it to give you the information you need to find the IP address you are after.

I get access denied. I suspect this might be command syntax but I’ve tried a number of permutations without any joy.

It could be a few things, not least the difficulty in running a sweep in this manner because of the complexity in how the networking stack functions here.

As always any nudges would be much appreciated.