To the person who deleted my ****.bat file just as I was about to get root (after spending the best part of 12 hours on the box) and replaced it with your own .bat file, thanks.
In the nicest way possible (if this applies to any of you), please don’t just randomly delete files, it’s not just you on your own per VPN server.
Although it wont help you in this instance, its a good idea to try and come up with unique and unusual names for attack files - this reduces the risk someone else will create something with the same name.
On this box, everyone seems to be using evil.bat…
Agreed. Been doing that for the last couple of days and, fingers crossed, been working so far!
User: very straight forwarded, open your eyes, and check well known places for help
Root: due to guys bruteforcing and resetting this box for no reason a real headache, read the documentation and make use of it, there’s absolutely no need to reset, reload, or whatever this box to get root
Root was much more difficult than i thought after getting User.txt and vulnerability to be exploited for PrivEsc.
I hear a lot of people complaining about other users deleting their files… MAYBE it is some kind of AV on target?. And do you really need a shell to accomplish your goal?
I got user last week, revisited and got root. However the flag was not “correct” - I think that this is due to rotating hashes on the background to prevent cheating. Anyways - I reset the box, and it’s not staying up for 5 min straight for me to retrace my steps!
Can someone who’s rooted this box the CLI route give me a message? I’ve managed to root this box, but after revisiting the box to do my writeup i haven’t been able to the same way.
I can provide the hash I obtained at the time for proof or it can be seen on my profile. Cheers.
I’ve seen a lot of negativity towards this box, but have not over the last few days experienced any of the issues stated. I use a VIP subscription, maybe that has been the difference.
However, there are ways to root this box and ways not to. I’m not sure on the rules for submission, but I can’t for one second believe that rebooting a machine is allowed, so if a script that you find on a very popular database says to do this, I would probably start thinking there must be another way. I wouldn’t reboot the machine and upset other hackers. Just my thoughts, but that’s how I perceive it.
Otherwise, thanks for a really interesting box @dmw0ng , thanks also to @VbScrub and @LOLOLEKIK for getting me over the final hurdle.
I had to take a hint or two to get root on this one, but just want to say people are being too rough on this box. I’m sure at release with a lot of people reading a certain exploit, that it got reset and jumbled a lot.
I had a good time refreshing certain skills and learned a bit.
Nmap told me up front about a port that you check out its content for free After looking at what this server’s main purpose is, google the service. You’ll find a nice PoC on DB. Knowing windows paths will help.
Usuario: CVE y enumeración simple.
root: La verdad que no es necesario acceder a la web de ********++, ni seguir al pie de la letra el exploit encontrado, solo es cuestión de entender como funciona la vulnerabilidad. Recuerda que tiene una API, una lectura a la guía es el mejor camino. Luego de ello sabrás que ni es necesario reiniciar nada. Good Luck!
This is very frustrating, I know what I need to do regarding “the service” for root, I have my .b and n.e* on the box.
My struggle here is the whole driving through the tunnel stuff, can someone provide a useful resource to read up on this? (I have never done it before).
The other approach was reading the docs for the service, but I don’t seem to be able to change anything from the cmd either
[UPDATE] NM Rooted! This box is a pain in the ***.
Anyway, for root, use the api, the webui is a joke
Hi all,
just wondering…
As the 80 and 443 are not open when i did my reco.
How a website can run in http://10.10.10.184 ? i don’t understand …
thanks for your replies
