Writeup

Xentropy · June 9, 2019, 10:34am

For people stuck on the hash, either use “the tool”'s script or alternatively use hashcat. I’m sure you can make john work somehow but getting hashcat to handle the salt correctly was a lot more straight-forward.

FlameOfIgnis · June 9, 2019, 10:45am

I have never seen the exploit needed for root to be triggered this way, its not always that everyone can learn something from an easy box. My thanks to @jkr

PwrZer0 · June 9, 2019, 11:18am

Okay I enumerated port 80 and found the /w****** and with wapp****r i found a particular C** ma** Sim** but how can I exploit this please PM me and help been stuck for a day banging my head against the wall

tykz · June 9, 2019, 11:38am

I guess I am getting good at solving boxes. Keeping things organized helps a lot. Thanks @jkr for your efforts to build the machine.

for user: find the application type/technology, search for exploits on google.
for root: use some tools to snoop on processes and observe file-system changes.

Of course I know that these things I said are very simple, but sometimes people forget to consider them.

HackSh00t · June 9, 2019, 11:55am

I’ve managed to run the exploit and get some creds emails and a salt. I’ve tested the creds in many ways in the web login thing and in the ssh too.

I feel like I’m doing something wrong, am I in the right direction? I will appreciate some hints

Xentropy · June 9, 2019, 12:34pm

Some people are having issues with cracking because what they’re getting out of a popular tool isn’t valid data despite looking like it. Make sure everything the tool gives you looks right. I don’t know if it’s caused by server load or what but if you’re struggling here just consider that as a thing that may be happening.

Pois0ning · June 9, 2019, 1:14pm

Can someone help with the password? Each time I run the script have a different result. PM please.

CAL10MM · June 9, 2019, 1:19pm

This box is really exposing my enumeration scrubness. I haven’t been able to find a thing without dirbuser, etc.

fail.gif.

sm0n6 · June 9, 2019, 1:19pm

Type your comment> @Paggm said:

Can someone help with the password? Each time I run the script have a different result. PM please.

Think of what type of vulnerability you are exploiting and how it finds the correct character. What about network delays?

mab · June 9, 2019, 1:28pm

Hej,

I need some help with root. Used *py6 and found a returning event. Found some directorys where i can write but not list files.

Help would be appreciated <3

sm0n6 · June 9, 2019, 1:28pm

If you cannot run dirbuster or other enumeration tool it means something else. Stop resetting the freaking box

Zer0Code · June 9, 2019, 1:31pm

Type your comment> @Paggm said:

Can someone help with the password? Each time I run the script have a different result. PM please.

same issue here

Edit & Hint : OK , Its related to connection stability ,you can break down the exploit and rerun every single piece to confirm or you can play with the time a bit , It will take longer but better results .

Got User .

spido690 · June 9, 2019, 1:49pm

Type your comment> @TheZeroCode said:

Type your comment> @Paggm said:

Can someone help with the password? Each time I run the script have a different result. PM please.

same issue here

Try to tweak the script, timing is the key

notebook · June 9, 2019, 1:53pm

Type your comment> @TheZeroCode said:

Type your comment> @Paggm said:

Can someone help with the password? Each time I run the script have a different result. PM please.

same issue here

try to run the script with a password file

sm0n6 · June 9, 2019, 2:26pm

any advice on getting root? ps6 shows a call to c****.pl but seems that cannot be leveraged

notebook · June 9, 2019, 3:02pm

Spoiler Removed

notebook · June 9, 2019, 3:12pm

Type your comment> @Seepckoa said:

Type your comment> @godzkid said:

Type your comment> @sm0n6 said:

any advice on getting root? ps6 shows a call to c****.pl but seems that cannot be leveraged

having same problem really having hard time try to get the root someone please pm me the root flag

I have the same problem, the file does not want to execute to try the reverse shell.

why you require reverse shell

amk2 · June 9, 2019, 3:13pm

Can anybody drop a hint on root? Tried using p**y but can’t seem to find anything interesting.

dividebyzer0 · June 9, 2019, 3:17pm

Type your comment> @godzkid said:

having same problem really having hard time try to get the root someone please pm me the root flag

Did you seriously just ask for the flag?

Tell you what… if you can decrypt this, you’ll know what you need to do to root this box.

Ubj nobhg lbh chg va gur rssbeg naq QB VG LBHEFRYS lbh ynml cvrpr bs fuvg?

notebook · June 9, 2019, 3:18pm

Type your comment> @amk2 said:

Can anybody drop a hint on root? Tried using p**y but can’t seem to find anything interesting.

i think we have to use clel and py and li**h these three are the only which can help us to get root i was told by a guy who already got the root flag but he is offline now