@warendoz said:
Could someone give me a nudge please?
I got the interesting data when i did some curls.
Then I asked my friend john to take a look at the data and he said that he was going to rock it but then came up with nothing in the end.
Am I missing something? It doens’t seem like a rabbit hole to me.> @bertalting said:
Could someone give me a nudge please?
I got the interesting data when i did some curls.
Then I asked my friend john to take a look at the data and he said that he was going to rock it but then came up with nothing in the end.
Am I missing something? It doens’t seem like a rabbit hole to me.
did you asked john to convert your interesting data into something readable for john ?
yes i did use *2john.
Check your syntax. What you have used is correct and should give you the answer.
@warendoz said:
Could someone give me a nudge please?
I got the interesting data when i did some curls.
Then I asked my friend john to take a look at the data and he said that he was going to rock it but then came up with nothing in the end.
Am I missing something? It doens’t seem like a rabbit hole to me.> @bertalting said:
Could someone give me a nudge please?
I got the interesting data when i did some curls.
Then I asked my friend john to take a look at the data and he said that he was going to rock it but then came up with nothing in the end.
Am I missing something? It doens’t seem like a rabbit hole to me.
did you asked john to convert your interesting data into something readable for john ?
yes i did use *2john.
Check your syntax. What you have used is correct and should give you the answer.
I got the location of config files… But unfortunately not able to see or download them… I am very new to this and would appreciate if anyone can point me to the right direction
Foothold: ***console won’t work, but look at it anyway. You need to build your own exploit. Find the .sh-script and alter it to your needs.
User1: ls and cat is all you need to find all you want.
User2: Don’t look in the distance, return to the region where you came from and find something new.
root: The easiest part, just look for what you can do and you’ll figure it out.
Just completed. This is currently the easiest machine in the active set.
Number of hints here is already more than enough so I will not add anything extra.
Just keep in mind that everything is really simple here. If you make something complicated then this is a rabbit hole.
Just rooted - took my whole sunday (my second ever box!) user1 - lazy web admin, user2 - how can I run this as a different user? root - now that I can do this, can I somehow link it to open something else?
If this is too obvious please remove as spoiler!
root@openadmin:~# id
uid=0(root) gid=0(root) groups=0(root)
I enjoyed this box. It allows us to put into practice a few things we’ve watched IppSec do on earlier machines. IppSec Rocks!! Even the last part I stumbled about at.
I think I was still opening up CherryTree and Burp at the 11minute mark of first blood!! Do you guys use a wad of custom scripts or just have so much experience and super fast typing skills?? Amazing!
rooted, pretty fun box, especially good for beginners, because it covers a lot of the fundamentals.
user: enumerate the obvious, look for a certain webpage, the name is a big hint, then search for a public way in. After that look for a new ‘page’ and the box doesn’t always listen on port 80.
root: look for what you can run as root, then gtfo bins
my pms are open if anyone needs a nudge
EDIT:
I have a lot of messages so sorry if I accidentally passed yours over, Im having some trouble getting to all of them, so Im sorry if it takes a while
rooted, pretty straight forward box. made a few stupid mistakes but no custom exploitation needed. on EU servers a little bit unstable and too much resets
Hi guys! This box makes me sweat. I just can’t find a foothold. I used gobuster to find a clue, but it was inconclusive. nmap only shows 80 and 22 ports. I am desperate because I don’t know what to rely on. Give a hint please.