Oz

Need help for initial, any hints much appreciated!

EDIT: This whole box is just… difficult…

On initial foothold - a few ports and shells to get to just get different parts through different mappings…
On PrivEsc - go learn the basic functionalities for the utility you are going to see later after initial enumeration like mapping after logging in…

Good luck and all the best!!!

Finally managed to find something, but still after that getting a shell or at least RCE doesn’t work. I am missing modules or compiled my code incorrectly.

I have the same issue for priv esc, port forward but still nothing, could someone PM me?

@dmcxblue said:
Need help for initial, any hints much appreciated!

Me too :frowning:

EDIT: Got it

Edit: Never mind. Solved that issue thanks to @dmcxblue

I was able to enumerate and crack but I’m stuck getting the RCE, any help?

@pup said:
Can I PM anybody about privesc? always get JSON.parse: unexpected character at line 1 column 2 of the JSON data

EDIT: If someone got the same error, just use chrome…

Thank you @pup!! ■■■■ Firefox!! The web UI is unable to show anything! – 2 days wasted!

Edit: Never mind. Just cracked one of them. If anyone needs advice about converting them to a format hashcat can understand, PM me.

Stuck on escalation and would appreciate a hint. I have port forwarding set up, but can’t figure out how to get in. Attempting to crack hashes from the .db file. They seem uncrackable.

@opt1kz said:
Stuck on escalation and would appreciate a hint. I have port forwarding set up, but can’t figure out how to get in. Attempting to crack hashes from the .db file. They seem uncrackable.

No cracking required. Go google the item’s HTTP API readme.

Many of the first steps weren’t very welcoming though and the odd 200 responses maybe were not so “realistic” either, whatever realistic even means. Anyway, I still think this was a fun box, thank you @incidrthreat and @Mumbai, I learned lots of new tricks and burp-fu. Root privesc was fun :slight_smile:

nvm. rooted

Need some hint for initial foothold

this box boiled my brain. and it feels good, hehe. cuz i finally got root.
on initial foothold - user input is the key, guys.
privesc is much much easier.
thank you, @incidrthreat and @Mumbai

Could it be that some serious cracking is required to get a foothold? Am I using the wrong wordlist?
I’m not sure if I should torture my poor CPU that much … PMs are welcome.

EDIT: cracked one of the hashes which took a few hours without a GPU. Thanks to @AmiToLotto for the hint.

Hi all.
I have user, and I think I know what to do for the last bit. I have one question about access to a certain port - what I usually do doesn’t work here. I would be grateful for a pm so I can ask a question without spoiling here

Just rooted it, very fun machine, congrats to the creator.

Rooted! This was a GREAT learning experience. So many different things to do

For those who have problems with web server enumeration because of random answers, I can recommend wfuzz. It provides loads of options for filtering web server responses.

E.g. the following command fuzzes the target with data from the wordlist and hides all responses with HTTP status code 400 or those that contain only digits (specified by a regular expression).

wfuzz --hc 400 --hs '^[0-9]+$' -w wordlist.txt 'http://target/FUZZ'

Documentation for the tool can be found here:
https://wfuzz.readthedocs.io/en/latest/