Posts: 104 Threads: 0 Joined: N/A (July 15, 2022, 06:09 AM)fironeDerbert Wrote: (July 15, 2022, 05:03 AM)rootntoot Wrote: (July 15, 2022, 04:05 AM)ryzen Wrote: (July 15, 2022, 03:07 AM)rootntoot Wrote: (July 15, 2022, 03:04 AM)mceye Wrote: Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a
yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local
I got some logs using the logs.amzcorp.local endpoint as the url param while making a post request to /api/v4/status.
Haven’t made any sense of the logs yet.
it just seems to be the http logs from the websites, only really useful thing i could find is company-support.amzcorp.local/users/tickets/create it doesnt give access denied but i also havent been able to figure out what to send yet
To get second flag you have to decode the begining of the BASE64.c00.xyz hostnames you'll get the flag and a lot of shell output i already got what about flag 4 you got that Posts: 132 Threads: 0 Joined: N/A (July 15, 2022, 06:14 AM)hacker1111 Wrote: (July 15, 2022, 06:09 AM)fironeDerbert Wrote: (July 15, 2022, 05:03 AM)rootntoot Wrote: (July 15, 2022, 04:05 AM)ryzen Wrote: (July 15, 2022, 03:07 AM)rootntoot Wrote: yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local
I got some logs using the logs.amzcorp.local endpoint as the url param while making a post request to /api/v4/status.
Haven’t made any sense of the logs yet.
it just seems to be the http logs from the websites, only really useful thing i could find is company-support.amzcorp.local/users/tickets/create it doesnt give access denied but i also havent been able to figure out what to send yet
To get second flag you have to decode the begining of the BASE64.c00.xyz hostnames you'll get the flag and a lot of shell output
i already got what about flag 4 you got that kdeespino, can you help us on flag 3 so we can help you to work on the 4 ? Posts: 104 Threads: 0 Joined: N/A (July 15, 2022, 08:26 AM)fironeDerbert Wrote: (July 15, 2022, 06:14 AM)hacker1111 Wrote: (July 15, 2022, 06:09 AM)fironeDerbert Wrote: (July 15, 2022, 05:03 AM)rootntoot Wrote: (July 15, 2022, 04:05 AM)ryzen Wrote: I got some logs using the logs.amzcorp.local endpoint as the url param while making a post request to /api/v4/status.
Haven’t made any sense of the logs yet.
it just seems to be the http logs from the websites, only really useful thing i could find is company-support.amzcorp.local/users/tickets/create it doesnt give access denied but i also havent been able to figure out what to send yet
To get second flag you have to decode the begining of the BASE64.c00.xyz hostnames you'll get the flag and a lot of shell output
i already got what about flag 4 you got that
kdeespino, can you help us on flag 3 so we can help you to work on the 4 ? kdeespino ? btw you'll get hint for flag 3 on logs from where you get flag 2 Posts: 23 Threads: 0 Joined: N/A July 15, 2022 at 12:19 PM look logs for Tyler and urlencoded password. Also look for the /.git and dmp it . then see the commits and look for info and vulnerability. Posts: 27 Threads: 0 Joined: N/A Any ideas with tom's hash?
tom:$6$uUyJe0OuP6ef7rWH$OJ6QE0M.viY.fay4hJuwTrEiOEZoH7yhrlErjBM/VxiikK7PkLibf8xbQiogWiVvHOH8mEG1ItylF36eTxMpz/:19032:0:99999:7::: Posts: 104 Threads: 0 Joined: N/A (July 15, 2022, 01:38 PM)htb_col Wrote: Any ideas with tom's hash?
tom:$6$uUyJe0OuP6ef7rWH$OJ6QE0M.viY.fay4hJuwTrEiOEZoH7yhrlErjBM/VxiikK7PkLibf8xbQiogWiVvHOH8mEG1ItylF36eTxMpz/:19032:0:99999:7::: rabbit hole leave that Posts: 27 Threads: 0 Joined: N/A (July 15, 2022, 01:43 PM)hacker1111 Wrote: (July 15, 2022, 01:38 PM)htb_col Wrote: Any ideas with tom's hash?
tom:$6$uUyJe0OuP6ef7rWH$OJ6QE0M.viY.fay4hJuwTrEiOEZoH7yhrlErjBM/VxiikK7PkLibf8xbQiogWiVvHOH8mEG1ItylF36eTxMpz/:19032:0:99999:7:::
rabbit hole leave that from the moment I passed rockyou and there was nothing, I guessed it, thanks, any ideas for flag 3? Posts: 104 Threads: 0 Joined: N/A (July 15, 2022, 01:49 PM)htb_col Wrote: (July 15, 2022, 01:43 PM)hacker1111 Wrote: (July 15, 2022, 01:38 PM)htb_col Wrote: Any ideas with tom's hash?
tom:$6$uUyJe0OuP6ef7rWH$OJ6QE0M.viY.fay4hJuwTrEiOEZoH7yhrlErjBM/VxiikK7PkLibf8xbQiogWiVvHOH8mEG1ItylF36eTxMpz/:19032:0:99999:7:::
rabbit hole leave that
from the moment I passed rockyou and there was nothing, I guessed it, thanks, any ideas for flag 3? check above msg no. #37 Posts: 27 Threads: 0 Joined: N/A (July 15, 2022, 01:51 PM)hacker1111 Wrote: (July 15, 2022, 01:49 PM)htb_col Wrote: (July 15, 2022, 01:43 PM)hacker1111 Wrote: (July 15, 2022, 01:38 PM)htb_col Wrote: Any ideas with tom's hash?
tom:$6$uUyJe0OuP6ef7rWH$OJ6QE0M.viY.fay4hJuwTrEiOEZoH7yhrlErjBM/VxiikK7PkLibf8xbQiogWiVvHOH8mEG1ItylF36eTxMpz/:19032:0:99999:7:::
rabbit hole leave that
from the moment I passed rockyou and there was nothing, I guessed it, thanks, any ideas for flag 3?
check above msg no. #37 ok, thanks... Posts: 132 Threads: 0 Joined: N/A There is creds in the git: ecs = boto3.client('ecs',aws_access_key_id="ASIAGCB1NKN8SCJOVP2K",aws_secret_access_key="tOzF/tLK3S3CNsXfj0mjPsIH2iCh5odYHMPDwSVxn7CB5",region_name="eu-east-1",endpoint_url='http://cloud.amzcorp.local')
You can use them like this: apt-get install awscli
aws configure
enter the creds
aws --endpoint-url http://cloud.amzcorp.local ecs help
This give a new user called "rebecca" |
