OpenAdmin

root@openadmin:~# id
uid=0(root) gid=0(root) groups=0(root)

pretty straightforward box now that it is semi stable for free users. not sure how people got root before user, would like a pm to know the way because i went the intended route i think. of course you can pm me for nudges if you are stuck.

was really trying not to do this but i need a nudge i got creds but don’t know what to do with them

Edit: nvm got it lmao i feel stupid for typing something wrong super easy box though this was my second root of an active box

@kkaz said:

i dont know where everybody found vulnerable version, ran directory searching found si*** , mu***, and ar***** but none is using any technology

I am stuck at the same thing

Spoiler Removed

@brueh said:

nice’n easy but fun for a lazy sunday… :wink:

root was much too quick…
but after being stuck on other machines for weeks… this was a welcome change… :wink:

just wondering:
is it ok that the music-login brings you to the interesting page? seems strange!
otherwise i wouldn’t have found it that quick using my usual wordlist…

My buster errored out after finding that single page, I’m glad it led to the right one.

nice machine, very close to reality … few minutes to get users and more than an hour to get root, obviously for my stupidity: remember for me, always check s?d? -* before enumerating

thx @dmw0ng, I enjoy it

What an amazing box! Super simple and straightforward. Totally recommended for newbies.

Foothold: Enumerate services and versions. CVE. Might need to remove some characters for it to work.

User 1: Enumerate every directory and each file.
User 2: Enumerate the parent directory of the directory in user 1 stage. Check what services are running on the box. What happens when you curl PHP?

Root: 2 minute job. CTF-like. GTFOBINS

great box for beginners

Hi all, I’ve got an initial foothold and am trying to get to a user, either of the j****. I’ve enumerated everything I think could be of use but it’s not leading me anywhere… am a bit stuck and could use a nudge please…! :slight_smile:

For those who are interested in the unintentional form, it has been fixed :slight_smile:

@Feythelus Don’t go too far from where you’re at…and look deeper. DM me for less cryptic advice

Got the initial shell… No idea which one’s the important file here. Could definitely use a nudge

@spowlay said:

Got the initial shell… No idea which one’s the important file here. Could definitely use a nudge

When you are in one’s neighbourhood, you shouldn’t do anything locally?

i’ve got the initial shell with the script, but good lord it is SLOW.

and even trying to move up directories, i can’t do it. seems i can’t do much of anything

@ascannerdarkly said:

i’ve got the initial shell with the script, but good lord it is SLOW.

and even trying to move up directories, i can’t do it. seems i can’t do much of anything

If I get what you’re saying correctly, with the script it is not that much of a shell. It only executes commands. I hope that helps.

i got the jy user but can’t seem to get ja, anyone know what to do with the R******d password?

Could someone give me a nudge please?
I got the interesting data when i did some curls.
Then I asked my friend john to take a look at the data and he said that he was going to rock it but then came up with nothing in the end.
Am I missing something? It doesn’t seem like a rabbit hole to me.

@warendoz said:

Could someone give me a nudge please?
I got the interesting data when i did some curls.
Then I asked my friend john to take a look at the data and he said that he was going to rock it but then came up with nothing in the end.
Am I missing something? It doesn’t seem like a rabbit hole to me.

did you ask john to convert your interesting data into something readable for john?

@bertalting said:

@warendoz said:

Could someone give me a nudge please?
I got the interesting data when i did some curls.
Then I asked my friend john to take a look at the data and he said that he was going to rock it but then came up with nothing in the end.
Am I missing something? It doesn’t seem like a rabbit hole to me.

did you ask john to convert your interesting data into something readable for john?

yes i did use *2john.

edit
Got it, forgot to specify format to my friend.

@z3r0c001 said:
After weeks of fighting with the hard machines it’s so relieving to have an easy box pwned within two hours (even though first blood was within 11 minutes)…

Exactly.
I had a really great few hours with this box, nice to flow through all the steps for once.
DM for hints.