Curling

1262728293032»

Comments

  • DM me if you need help.
  • Type your comment> @ivanlirezn said:

    found secret.txt what does that meant?

    usually when you want secret to be safe you cipher or encode it

  • @junzwtf said:
    stuck on the root.txt i can't find it. also that i don't have privlage on the root folder.

    just look around. the answer is right in front of you inside user's directory. you can also check out processes and who run them.

  • Type your comment> @ivanlirezn said:

    found secret.txt what does that meant?

    if you decode the secret .. it may let you enter ..

  • edited March 2019

    EDIT: Made it to user, but now stuck on root ;x

  • edited March 2019
    Rooted....
    Big shoutout to you guyss @elidev @Johnny5
    ..pm me for hints...
  • got root...
    you login, upload shell, make some edit then you got root.

    Please PM if you need hints... :smiley:

  • Hey all - noob here. I was able to get a meterpreter shell, but I am having trouble with privlege escalation. If anyone can help, please PM or reply

  • edited March 2019

    Could someone please pm with some help on getting root.txt? I currently have a user shell, and I'm stuck. Thank you!

    ** Got it! DM me for help.

  • Can someone help me pls? I can't get root.txt, I have an idea but I might be missing something :(

  • hvahva
    edited March 2019

    Got keys for both the user and root, but I'm having a hell of a time trying to get root shell. No luck so far enumerating.. Would love a hint!

  • Type your comment> @Puru said:

    Hey Guys,

    Total noob here. i am not able to figure out how to get to the user. found the ad*********** page, tried defaults, found F*****, and then found s******xt ..... but i have no idea as to where to go from here :/ can anyone help me here !!!

    @Puru I'm in the same step that you were. I have se****.txt looking at the source code, I have the real value with a hash decoder, I've scanned with joomscan but i don't know how to proceed. Any help?

  • edited March 2019

    @hippi3c0w said:

    I just got a user.txt, I was stuck for a while on the same s*****.**t file as you were... You probably want to login to the J**** GUI and try to see, if there are any options where you could modify the PHP page. Ping me if you would need help with that. We are slowly running out of time :) .

    I'm going to get root now. I have pretty good idea how to do that. The forum hints are incredible. You basically have all the information you need in here. Understanding these hints is what takes me quite a lot of time, lol.

    If my comment somehow helped you, you can show your appreciation with a Respect :)
    https://www.hackthebox.eu/home/users/profile/117977

  • Type your comment> @pkaiser said:

    @hippi3c0w said:

    I just got a user.txt, I was stuck for a while on the same s*****.**t file as you were... You probably want to login to the J**** GUI and try to see, if there are any options where you could modify the PHP page. Ping me if you would need help with that. We are slowly running out of time :) .

    I'm going to get root now. I have pretty good idea how to do that. The forum hints are incredible. You basically have all the information you need in here. Understanding these hints is what takes me quite a lot of time, lol.

    Thanks for the info, but i'm still lost. Currently i only have access via GUI, no server. I have tried to login via ssh but not way. I was tried to search any other user who posted but i'm not able to find anythyng.

    Regarding change PHP code, i only can see something in the post "My first post" and I've tried a reverse shell with shell_exec and try to show any user (with whoami).

    For my, at the moment, i only have secret.txt file, i'm trying to search for more txt files but i'm still on it.

    I also spend more time reading and trying to understand the hints that trying to attack the site hahaha

  • got user.txt, PM me for hints. Working on priv esc and not sure where to go. Ofc I assume it has to do with "Curl," so snooping around for that

  • got root.txt! No root shell though. Please pm/reply with hints

  • edited March 2019

    Got root hash.
    Got root shell by escalating privilege using a system's vulnerability.
    => PM if you need help <=

    Still Getting CRAZY with how to get a root shell using the "Obvious to use" xURL job.
    I'm on this for long, any hint would be appreciated !! Thanks.

    =============================================
    EDIT:
    Got it. Sometimes it is needed to look to the output before you study the input.

    Hints for last shell::

    • Consider the output
    • Your mom is not always right, Don't wash your clothes, sometimes your dirty sock is not that bad.

    => PM if you need help <=

  • edited March 2019

    am sure that decoded secret.*** and am typing the right user and still can't login in to panel idk
    pls am i on the right path pm pls

  • Type your comment> @ghost0437 said:

    Rooted....
    Big shoutout to you guyss @elidev @Johnny5
    ..pm me for hints...

    Indeed anytime!!!

  • ROOTED anyone need help PM ME
    I WILL BE HAPPY FOR

  • edited March 2019

    Any clues on how to gain root.txt or root shell after gaining user shell?

    I see that the input file affects the report file in the a-a directory..

    Thanks @secn0rm @Psycho00 managed to get the root.txt

    Going to use a similar method to try and get a root shell.

    LordImhotep
  • edited March 2019

    hi *, can so give me a hint regarding p*******_*****p...i got no idea what to do with that hexdump. thx :)

  • Type your comment> @ElCzw said:
    > hi *, can so give me a hint regarding p*******_*****p...i got no idea what to do with that hexdump. thx :)

    Compression and decompression 😌
  • Need help I also get the same error . Please PM me if anyone available .

Sign In to comment.