Disscussion Starting Point
I’ll just be sitting here praying this is another OSCP-like box (this guy has a great track record) and not another CTF “guess the box” shitfest like we’ve seen waaaaay too often recently. ~1hr to go!
Let’s get it guys! Im excited.
On free i can’t even run a gobuster…i guess i’ll wait…
anyone know if /js thing has anything to do with it
found a key and a password, not sure if its troll
Type your comment> @gokuKaioKen said:
found a key and a password, not sure if its troll
same here, in config files?
@EmmaSamms … right
Service Temporarily Unavailable, on index.php anyone else getting that
lol its nuked
Well I’m stuck, right after getting assumed creds and having the admin login panel. Guess I’ll wait/research until some hints pop up :))
Has anyone found valid admin credentials? Hydra found two but they’re both wrong, also I too found mysql root creds and some weird crypo key
Well, i found 2 admin session IDs but none of them work
Type your comment> @Informatiger said:
Has anyone found valid admin credentials? Hydra found two but they’re both wrong, also I too found mysql root creds and some weird crypo key
i think the pass is encryped and can be decrypted using that key but i dont know the syntax.
Spoiler Removed
Any nudge on from people who already got user on how to decrypt the m****** pass?
rooted.
hint for root: don’t overthink it, it’s obvious after basic enum
@AndreiPintea said:
Any nudge on from people who already got user on how to decrypt the m****** pass?
pm me
Great box 
Glad I had opportunity to get familiar with pwning Magento
User: not every password is a swag, make yours
Root: basic enumeration and understanding of Linux system