Realist

Saturday 30 March 2019, 15:15  #1
Realist - IPBX
Weasel86
  • 3 posts

Hey all,

Could somebody validate that this challenge is still in a good state? I’ve gotten root to the box and have access to the suggested GUI through the use of a certain account; for the purpose of not giving out spoilers, let’s just say it’s Mark’s account... In other words, I’ve got complete access, and it’s not the right flag? Which is weird to me... Am I not seeing the bigger picture? I feel like I’m wasting time for literally nothing, as I have root on the machine... (I validated the machine via CTF of the day twice, btw.)

Just telling me there is nothing wrong with the machine would help, thanks!

Saturday 30 March 2019, 15:52  #2
Realist - IPBX
Th1b4ud
  • 1636 posts

You have to retrieve the account used to authenticate on the IPBX GUI. Validation’s password should be entered as username:password.

Do you have the username and the password of the administration platform?

Saturday 30 March 2019, 18:30  #3
Realist - IPBX
Weasel86
  • 3 posts

Yes I do, and it works, I have admin access to the FreePBX. I’m one of the admins on the platform, username starts with an s. I understand the format, but it doesn’t seem to match, so I don’t know why I’m getting the wrong password tbh, as it does work on the platform. That is why I’m asking if anyone could boot up the box and retest the steps to see if they still get the same result. It seems this machine was copied from another platform, and the artifacts are very similar. I hope I’m not spoiling too much here.

Wednesday 3 April 2019, 22:17  #4
Realist - IPBX
PArm
  • 2 posts

Same here.
Are we supposed to crack the admin login SHA1 hash?
Best regards

Thursday 4 April 2019, 09:18  #5
Realist - IPBX
Th1b4ud
  • 1636 posts

No. You don’t need to crack the hash.

Thursday 11 April 2019, 16:06  #6
Realist - IPBX
Snoopy
  • 1 posts

Same here too...

Rooted the box, have administrative access everywhere, no combination of credentials seems to work as the flag but seeing mention of other accounts suggests we’re meant to find a particular account?