Official discussion thread for Visual. Please do not post any spoilers or big hints.
3 Likes
anyone onto something?
Nope would have to see tomorrow maybe i’ll just run one scan and go to sleep ig
I can’t believe it’s not AD!
2 Likes
I think I’m on the track, but run out of ideas about how to solve M***019, is this issue just happening to me or do you guys are experiencing it too?
How can I get initial access?
I’m wondering whether it’s CVE or something else
i think that is not CVE just need use website for initial access
i feel like trying to open a stone…
2 Likes
I was able to get the user. It took me a bit of time to establish how to do it, I’m not good at windows privilege escalation, so rooting is going to be a struggle.
any little hint for intrusion? i’m stucked
Exploit what the box name indicates. Focus on understanding what can be done by controlling that application.
I don’t know much about github build let’s see
Would I need to create a github repo for the initial access
Today is Sunday. Sunday is day of hacking 
happy hacking everyone.
3 Likes
Gitea
4 Likes
for foothold/user? no.
Really good solid medium box as a starter of this season. Well done for the creator, IsThisEnox! Pretty straightforward, with a bit of hurdles here and there, just sufficient for enjoyment. And yes, indeed, it was refreshing, it’s been a while, since we had a windows box without AD 
Foothold and User: Understand what is the website’s purpose. What it does? The core functionality of the site is actually the way you can get your foot inside the box. Of course, you need to know how to work with git and actually build whatever is required in order to succeed. Read the main page of the site, it’s descriptive and explains what is the main functionality. Work with that, around that!
PrivEsc and Root: Look around the box. Enumerate! Where you have access and what can you do. This should be sufficient information to privesc then look further. Since it is a medium box, do not overthink this part, just attempt one of the renowned and popular attack vectors. Does it run? Fine? What is required beforehand, how can you get the appropiate rights in order to run that thing? Good.
And last but not the least, seen on discord people struggling, do not forget - boxes do not have WAN access. So, run your own of what you need to be running and enjoy. Hope these are not too much nudges. Feel free to DM but expect delays. GL!
13 Likes
Lol what are you deleting bro
Nevermind, just finished, after all the plan was right, I just needed to fix a minor detail, thanks to @HMS who helped me to detect it!
Feel free to PM, I’m glad to help as far as I can.
1 Like