Wall

Spoiler Removed

Spoiler Removed

Type your comment> @krisd4 said:

you could describe the METHODS using only about six VERBS, if you GET what I am saying…

that’s almost spoiling :wink:

Type your comment> @rheaalleen said:

https://www.youtube.com/watch?v=7NjNL4Nsa4Q

Loving the box so far

From that video, it’s almost as if you were suggesting that we now turn to the pols.

Got the login, but exploit isn’t working.
Do we have to modify the exploit? Tried various rev shells methods, nothing seems to work

@Splinterdav hint for user/pass combo?

Type your comment> @Splinterdav said:

Got the login, but exploit isn’t working.
Do we have to modify the exploit? Tried various rev shells methods, nothing seems to work

Yes, a modification is needed, but I’m having trouble with the correct rev shell too xD

Type your comment> @krisd4 said:

@Splinterdav hint for user/pass combo?

Well, it is pretty common. I guessed it by trying basic high priv usernames with passwords from a common password list.

struggling from the rce i can’t get rev shell
any hint ! :cry:

anyone who has rooted it please pm me
i am struggling to get the correct payload to get reverse shell to get command execution
help me

Anyone who needs hints related to brute-forcing the C******* can ping me…I have an easy way :wink:

cracked the c**********, now python CVE not working… tested, using right ip and port , the script says it is triggering succesfully, but nothing is hitting my listener any ideas?

hint for inital foothold:
If you plan to do without script. Learn the application, abuse what you can do.

Rooted. Pretty disappointed with this one. Thanks to the creator, regardless.

currently stuck with /p****.*** , /m*********/ and a*.*** , any tips? been seeing some tips floating around about verbs / teachers? no idea what thats about, maybe be more specific. thanks

Type your comment> @tabacci said:

In this box both exploits did not work for me. But after repairing they work well.
So consider that as a part of the game and happy rooting :wink:

I’m also kind of stuck here… any hint’s on how to repair? (I guess it has to do with changing the value of n*****_b**)

Type your comment> @tabacci said:

In this box both exploits did not work for me. But after repairing they work well.
So consider that as a part of the game and happy rooting :wink:

Its not that they didnt work bro - it had m**sec***** installed …
and second exploits did work perfectly fine for me

i am stuck on www-data shell any hint pls !

Rooted. This box was weird and a bit annoying… Privesc felt like cheating but what I used seemed to be placed there on purpose by the box creator. I exploited c*** manually instead of repairing, reading the code reveals how it can be done.