Hi,
Can someone DM me? I got the usual three results from dirbuster, but do not get c****** and /s*****-s*****. Should I wait longer for it to finish, or is there another way?
Thanks
nvm got needed page
Rooted. Thanks @askar for the machine and nice find.
First part is the most difficult, there’s one challenge on HTB that could help you for the initial foothold
Second part is easy peasy if you enumerate correctly and google things that don’t look common.
Hints on the forum should be enough to complete this box but still you can DM if you’re struggling
I’m struggling a bit with the login with the exploit, tried to modify it but it seems like it isn’t working…
I got the poller t***n, and correct credentials, even the listener, but my machine can’t receive any data…
If anyone could give me a hand I’d appreciate it, since I don’t know what I am overlooking.
How do you get the credentials for this c********? Brute Forcing with Burp already, but without success.
Since there is no need to brute force, I wonder how to find out the credentials.
@Cli3nt said:
How do you get the credentials for this c********? Brute Forcing with Burp already, but without success.
Since there is no need to brute force, I wonder how to find out the credentials.
Better to write your own script and be careful regarding the CSRF token.
Rooted. What a piece of utter garbage.
@ad1337 said:
Rooted. What a piece of utter garbage.
■■■■. Why so much hate? Lol. I get @askar made a box with some annoying “walls” to climb, but in frustration comes education. When you distill this box down it exercises some pretty fundamental pentest skills. No matter your status you can never practice the fundamentals enough. So yes. This box forced you to climb some “walls” but these walls were not that major and they forced you back to basics. In that way this is a great box. I very much enjoyed the fundamental principles and practice.
Can someone who already rooted this PM me? I’m totally lost. I found the php files and the login page, but I have no clue how to proceed. Also, I do not get the English class reference at all… Please, someone?
@c1cada said:
■■■■. Why so much hate? Lol. I get @askar made a box with some annoying “walls” to climb, but in frustration comes education. When you distill this box down it exercises some pretty fundamental pentest skills. No matter your status you can never practice the fundamentals enough. So yes. This box forced you to climb some “walls” but these walls were not that major and they forced you back to basics. In that way this is a great box. I very much enjoyed the fundamental principles and practice.
He didn’t make annoying walls. He just created a self-advertisement.
Apart from the initial foothold which was interesting and definitely had a learning-experience, the later part - and I’m especially talking about rooting the box - is totally uninspired and required zero effort (both for him and the attacker).
It just comes down to a random exploit that has nothing to do with the previous findings and doesn’t require any skill besides “basic enum”. And I’m sorry to say that, but “basic enum” & browsing exploit-db is nothing that should reward you with 30 points.
Rooted! Thanks @zalpha & @toka . DM, if need a nudge.
I’m a noob. I’ve found the api, but can someone PM me with how to interact with it? I haven’t worked with an api before. Currently I’m just fuzzing it but essentially I need some help, or a link. Thank you
rooted.
Initial shell was a pain. Got user and root with one exploit. Not sure if it was the intended way.
I_Feel_Satisfied when learned the trick to bypass the wall, hope it’s not a spoiler
Thanks @askar
Can someone PM me how to brute-force c******* login page?
Can I please get a hint on how to deal with m********?
I tweaked the python exploit, it saves the payload (I can see it in the UI) but I don’t get a connection back, although it works locally. Any help?
Could someone please send some hints in PM on how to tinker with the python script?
I need a hint for the repair of the exploit please.
Hi guys, is there someone who can tell me how I can get the credentials for C******** ?
I already used Hydra for bruteforcing, I tried bypassing, I tried the default credentials of the service.
I’m stuck here for a while.
Edit: I have found the password manually!
I hate when all of you talk about how easy the privesc is because that means I sit here and never figure it out and feel dumb.