Writeup

@arsmo90 said:

Hello, been stuck on this one for a few days. I got to /w******/a********. I am not sure what my next steps are. Found a****. Not sure how to find hashes. Any nudge in the right direction would be appreciated.

forget the admin… try to find CMS vulnerability and exploit…

Hello! I need some hints. The Python script returns a string empty of characters, so I think I’ve gone down the wrong path or don’t set the T**** var efficiently… Can you PM me plz?

Rooted! With some help!
nudge me if you need any help.

Started with easy boxes. This is the best so far. The user and root were actually possible to discover without being used to CTF-puzzles.

User: How to enumerate website without fuzzing about it? After that pretty CVE.
In addition to previous tips by other users:
Root: When I search places I have write-access to, why do I get permission denied?

I got the user, the hash and the salt. How can I decrypt that?

@MacCauley said:

I got the user, the hash and the salt. How can I decrypt that?

With the same tool you have add the decryption…

Got User. My advice is to use google and find some useful scripts/tools.

Now for root…

got root. Would appreciate a DM to talk about my method, didn’t feel that hackerman to me.

Are there two ways to privesc? I saw the P**H link from the lazy box someone put as a hint and the pspy route. I went the hidden route method. Anyone do both?

Btw love the earlier comments about getting user and it being from a movie. So true!!

Where can I use my u*** / p*** from d******e?

Edit: I got user

found what I believe is the right exploit for user. However, can’t find the right value needed to make it run. got it!

Now working on root. Think I see the process I need but not sure where to go from there

@p0n said:

@0xAMS said:

do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me

No creds needed. A simple google search and a quick scan of the results should be enough

I am stuck after spidering the target on burpsuite. Could you give me a nudge in the right direction? I found a couple of usernames for SSH but bruteforcing passwords doesn’t seem to work.

@vider said:
@MacCauley said:

I got the user, the hash and the salt. How can I decrypt that?

With the same tool you have add the decryption…

I find that to be slower than using hash***

Hi. Looking for a nudge for root. I’ll try to explain without revealing any spoilers… I’ve been looking at p*** for a while. I see what happens when someone shows up. Thinking I need to make u**** do something else, which I’ve managed to do but not by the right user. I’ve found a place I can write to that looks promising, even if I can’t see it. Any suggestions? Thanks!

@TheHackerKid said:
I am stuck after spidering the target on burpsuite. Could you give me a nudge in the right direction? I found a couple of usernames for SSH but bruteforcing passwords doesn’t seem to work.

Look at every line in the pages you found. It will tell what to search for.

I have found the salt and hash. Tried using has**** to crack them but getting status exhausted. What am I doing wrong? Thanks

sometimes stuff is not always what it looks like @yayo123
try to see if you can crack it online cuz ppl who have solved it might have put the hash online and your work is done.

Guys, I have gotten the user flag, but I'm stuck with root… I have run pspy but don’t know what to look for in it. I have seen the ippsec lazy video and tried replicating it, but no luck. Can somebody help me… I am struggling with root.