Curling

Comments

  • @BazSecOps said:

    @0v3rride said:
    Also stuck at this part. I've tried changing the content of the i***** file many different ways.

    I'll send you the same PM in a sec.

    Hi, could you help me as well?

  • @StamGR said:
    Hi, could you help me as well?

    Check your PM

  • edited January 2019

    Anybody had trouble in decryption after getting the final piece using process alias to hostname?

  • edited January 2019

    Got user on this box today after ~2 days of fiddling around. I've only done stego challenges on HTB before so this involved quite a bit of research and trial/error. Getting my first reverse shell felt great.

    +4 more hours to figure out root. Thanks to all the great hints/direction in these comments.

  • Got p******_b*****. I found out what kind of file it is, but I can't decode it. Any hints would be appreciated. Thanks

  • @Silento said:
    Got p******_b*****. I found out what kind of file it is, but I can't decode it. Any hints would be appreciated. Thanks

    edit : Got user.txt :+1:

  • Hi! I uploaded the reverse shell for j***** but when I try to access it, it is blank. I can't figure out what is happening. PM me if you have any idea, I'm done with that...

    Thanks in advance!

  • edited January 2019

    root.txt at last. Thank you very much for your advice and patience, @clmtn @lcw

  • edited January 2019

    I could really use some help getting the root.txt
    Could someone PM me with a hint or two?

    --- all done! Thanks to @zz123 for the hint.

  • Can someone PM me? I need help 😋
  • Got root! Thanks to all the hints! This was my second box and I am generally a newcomer in pen-testing. So if someone, more experienced, would like to help me understand better the mechanics behind this please PM me.

    raptorfx

  • This is my first box, I am a little stuck. I got into the admin panel, but can't figure out how to get a shell. Any help will be appreciated!

  • Need help with priv-esc got user.txt
    Could someone PM me with a hint or two?

  • I feel like such a script kiddie. Need help, please PM.

  • I'm confused by user or I'm overcomplicating things, can someone assist?

  • Rooted. Excellent Box. I took away some awesome knowledge from this. ty <3

    Treelovah

  • I got the user flag pretty easily.. Stuck with how to get root now. I know I have to use c*** and the w***a**** area but I'm just not sure what to do.. A PM would be appreciated. =)

  • edited January 2019

    Got root, much more simple than you think it is. PM me for a hint.

  • R00t3d but no shell, can someone help me on this part? I also wonder if I used the right thing to read the flag.

  • Managed to log into console. To gain shell, is it a case of uploading one or am I overlooking something else that can be used to connect? Not overly familiar with Joomla. A PM with a nudge in the right direction would be most appreciated.

  • Never mind, got there in the end, have user.txt now for root :)

  • edited January 2019

    Hey guys, got the user.txt, working on root but found nothing useful. Tried some traditional privesc but nothing worked. Any hints would be useful. Please PM me for any hints. Any kind of help will be appreciated.

  • Hi guys, new to all of this, done one other machine before this, "ACCESS". I'm curious, I scanned the ports and services, so I know what ports are open etc. and what types of services are running behind. Noticed something about joo*** so I went on the website and was told to analyse the p**, looked at that and have noticed the user that was editing it all. But where do I go from here? I know nothing about PHP. If anyone also has any material that would help to learn all of this stuff I would greatly appreciate it even more. Thanks guys, great community :D

  • edited January 2019

    I wouldn't say you have to learn PHP to gain access to this box, although it really will help you in the future, I'd suggest studying up a bit on it.

    In the meantime you are definitely on the right track, I would continue to use Google like you used your jizz sock back in the day. Umm, is that weird? No, right? Just keep going, you're almost there. Google more for PHP exploits on Joomla (version), look for previous vulnerabilities that have been used, search for any way into this machine. If you have any further questions PM me with the steps you've taken.

    Treelovah

  • @Treelovah said:
    I wouldn't say you have to learn PHP to gain access to this box, although it really will help you in the future, I'd suggest studying up a bit on it.

    In the meantime you are definitely on the right track, I would continue to use Google like you used your jizz sock back in the day. Umm, is that weird? No, right? Just keep going, you're almost there. Google more for PHP exploits on Joomla (version), look for previous vulnerabilities that have been used, search for any way into this machine. If you have any further questions PM me with the steps you've taken.

    What a helpful dude, thank you so much, I will do just that.

  • Looking at the source code guys, my brain is working overtime. What should I be looking for? Am I looking for credentials? Am I supposed to script something, should I be trying to inject something? Ideally I know Joomla has a back admin page, should I be trying to access this? I literally still have no clue.

  • EDIT: Something just sparked, the user that created this, if I create a reverse shell on the site via PHP would this work, is this the logic?

  • @shredz said:
    EDIT: Something just sparked, the user that created this, if I create a reverse shell on the site via PHP would this work, is this the logic?

    I think that is a good thought process. I would encourage you to run down that rabbit hole.

    Treelovah

  • @shredz said:
    Looking at the source code guys, my brain is working overtime. What should I be looking for? Am I looking for credentials? Am I supposed to script something, should I be trying to inject something? Ideally I know Joomla has a back admin page, should I be trying to access this? I literally still have no clue.

    Hey. In the Firefox browser, right click on a page and click "View Page Source". Look for anything that looks like it is out of place, once you see it you will know.

  • I've been trying to log into the webpage. I found s*****.txt but I don't know how to crack it. I'm pretty sure I know the username.
