Rooted!
Thanks all for the tips posted here
i was a little rusty but this box brought me back
really well done box a lot of fun…good work
Very very beginner on pentesting in general, so I think I got the first user not sure, but nothing seems to happen, any advice?
i was stuck on user j*y
found port 56
if someone can help, pls sent pm
Can I enumerate j***y with rockyou or I have to find another wordlist?
i was stuck on user j*y
found port 56 and try with file ***n.*hp
if someone can help, pls sent pm
Type your comment> @p3rf3ct said:
I can’t seem to run the initial exploit properly. I edited a few portions to have it spit out the directories and additional information. This is my first box, so I’m unsure of what things are supposed to look like. Looking at previous posts, I think I’m on the right path, just would like some confirmation of what I’m seeing.
@ChainBanger, I tried dumping the exploit in .msf4/modules/ but no dice, not sure what I’m missing on that route either…
did you run updatedb?
i have got the shell. But unable to figure out how escalate from w**-a to jy
Rooted !! DM me for help 
Type your comment> @vtib03 said:
Can I enumerate j***y with rockyou or I have to find another wordlist?
Good question. I am on this stage.
Im using the i*** key but it ask me for passph***e?
edit1: got the passphrase
edit2: rooted
Hi guys !
I’m kind of stuck. I got the “n***a” password from j***y, but I can’t find a way to access a webpage not in www/html. Am I missing something obvious ?
EDIT : I found the open port on localhost but I don’t know if I can do anything with it
@SlaughterHaus said:
Very very beginner on pentesting in general, so I think I got the first user not sure, but nothing seems to happen, any advice?
If you have just run an exploit, you have RCE rather than a user as such. Enumerate to find the user.
@hackmenot said:
i was stuck on user j*y
found port 56
if someone can help, pls sent pm
Ask the server to provide you with the content stored on those ports. The name of the group you are in should give a clue as to where you should be when you ask.
@zerocrack said:
i have got the shell. But unable to figure out how escalate from w**-a to jy
Enumerate. You dont need a shell, you can do this all from the RCE but if you have a shell it might be easier.
Read the files and folders around where you have landed. Or read all the clues in this thread.
@vtib03 said:
Can I enumerate j***y with rockyou or I have to find another wordlist?
Wait, what do you think you need to crack with RockYou for that user account?
@b4dt34ch3r said:
Hi guys !
I’m kind of stuck. I got the “n***a” password from j***y, but I can’t find a way to access a webpage not in www/html. Am I missing something obvious ?
Possibly. You also dont have the right password.
EDIT : I found the open port on localhost but I don’t know if I can do anything with it
Yes, yes you can.
I logged in successfully as jo**** but now that I try to re-log I’m getting a “error in libcrypto” - is anyone else having this issue?
I can’t seem to run the initial exploit properly. I edited a few portions to have it spit out the directories and additional information. This is my first box, so I’m unsure of what things are supposed to look like. Looking at previous posts, I think I’m on the right path, just would like some confirmation of what I’m seeing.
@ChainBanger, I tried dumping the exploit in .msf4/modules/ but no dice, not sure what I’m missing on that route either…
Either the msf exploit is broken or it’s just because this box is gabage, use the sh one and I have a tool you can use for the rest (with suitable instructions given you run your own web server on the vpn). I had no luck getting it to open a shell for me through msf.
I followed this:
If then the default payload does not work I will leave this:
“An architect’s most useful tools are an eraser at the drafting board, and a wrecking bar at the site.” - Frank Lyod Wright
Type your comment> @ChainBanger said:
I can’t seem to run the initial exploit properly. I edited a few portions to have it spit out the directories and additional information. This is my first box, so I’m unsure of what things are supposed to look like. Looking at previous posts, I think I’m on the right path, just would like some confirmation of what I’m seeing.
@ChainBanger, I tried dumping the exploit in .msf4/modules/ but no dice, not sure what I’m missing on that route either…
Either the msf exploit is broken or it’s just because this box is gabage, use the sh one and I have a tool you can use for the rest (with suitable instructions given you run your own web server on the vpn). I had no luck getting it to open a shell for me through msf.
I followed this:
How to add a module to Metasploit from Exploit-DB - kali null - Medium
If then the default payload does not work I will leave this:
“An architect’s most useful tools are an eraser at the drafting board, and a wrecking bar at the site.” - Frank Lyod Wright
I already rooted it with the SH and a custom payload.