Writeup

deLjke · June 21, 2019, 2:44pm

The second day I try to get root. Give me a hint on PM plz.

hansraj47 · June 21, 2019, 3:02pm

There is a ton of data over there and i dont know what i should be looking at.

Rexzyy · June 21, 2019, 3:17pm

Rooted! Took longer than I’d like to admit, feel free to pm if you need a hint! Thanks to those that provided me a little guidance

d0n601 · June 21, 2019, 4:57pm

Type your comment> @deLjke said:

The second day I try to get root. Give me a hint on PM plz.

same boat

Cyb3r3x3r · June 21, 2019, 7:06pm

I tried the exploit related to cms to get the creds but after decrypting the hash it doesn’t work on the login at w******/a****. Any Hint?

Budderhoernla · June 21, 2019, 8:48pm

Finally root, took some time to figure it out, but once you “see” the attack vector its surprisingly easy… PM if you need a hint…

TahaRavvaha · June 21, 2019, 8:51pm

Found a**** panel, and enumerated a bunch of directories (other than the usual) in /w******/ . No idea what to do next or how to find creds. Need help pls.

Rexzyy · June 21, 2019, 11:21pm

@Cyb3r3x3r Who said those had to be used there? Have you tried to use those in a similar place that you do apt-get from?

d0n601 · June 21, 2019, 11:41pm

So now we’re changing the password on here? Is this Netmon all over again? Why people…

scottmorrison · June 22, 2019, 3:17am

All of the answers are present within this forum, but ill put in my 2 cents:

User: Robots are your friend, love thy robot. Once you know what the website is running next find your exploit. If your having trouble cracking the hash, have a look at the exploit to see the format of it. (Also you don’t need john/hashcat)

Root: As everyone has said have a look at the processes, you will find something peculiar. But don’t get your nose too close to the ■■■■ hole as you can easily get stuck fucking around. Remember Padawan the PATH to success is right in front of you!

Last but not least dont fkn copy the root flag to /tmp, spend the 2 mins getting a reverse shell or just use cat.

Thanks @jkr dope box

acidbat · June 22, 2019, 4:31am

Finally got user, thank you @jkr for the machine.
Also a big thank you to @1uffyD9 and @Sudi

hansraj47 · June 22, 2019, 4:36am

I tried to enumerate processes running as root and everything looks peculiar.

hansraj47 · June 22, 2019, 4:40am

Sometimes i wonder why we cant programmatically accomplish priv escalation.

hansraj47 · June 22, 2019, 4:47am

Type your comment> @Cyb3r3x3r said:

I tried the exploit related to cms to get the creds but after decrypting the hash it doesn’t work on the login at w******/a****. Any Hint?

If you decrypt the salt and hash properly using rockyou, you will get the password. If its not working at the link u provided, see where else you can use the creds.

Cyb3r3x3r · June 22, 2019, 5:10am

Type your comment> @hansraj47 said:

Type your comment> @Cyb3r3x3r said:

I tried the exploit related to cms to get the creds but after decrypting the hash it doesn’t work on the login at w******/a****. Any Hint?

If you decrypt the salt and hash properly using rockyou, you will get the password. If its not working at the link u provided, see where else you can use the creds.

yep i got that…thank you

HitDifferent · June 22, 2019, 5:38am

Really struggling to get root, would appreciate a nudge via PM. Thanks

salute101 · June 22, 2019, 11:57am

guys i did port scan and http port is closed for me and all of you talk about hints in web pages so i wonder what is the issue. in TCP i see ssh open only and udp scan is in progress. PM plz

SaThaRiel74 · June 22, 2019, 11:58am

http is open normally - at least it was for me. Box may need a reset.

salute101 · June 22, 2019, 12:06pm

ok the the writeup box is not active on VIP beta , dont know if admin knows about it.

webjayant · June 22, 2019, 1:37pm

Finally it’s done…