SWAGSHOP Broken?

Hey everyone,

Is swagshop broken or.. ?

Option1
While I do realized there can be multiple ways to do this so, I opted to use searchsploit for the site in question... I make the necessary modifications... I got everything working now in order to do a reverseshell... I need to upload the xml package file but the downloader link is not available, gave me a 404 path location doesn'r exit at all.

Option2
So, in deciding to try something else, like using gobuster, which it used v3.0.1 latest version has a number of new commands. So, I figured this out with some reading/research/trial and error... now, I got gobuster working, it finished after it took some time... After Gobuster finished, i got into a brainfart moment that I do not know what else to do from there..

so yes, I am a noob... I spent a few days when it took someone few minutes. That's embarrassing for me... I wish to not get flamed at please.. I did all I could.. option2 seems doable in my case than option1.

I am trying to get to user.txt/root.txt... not sure what I need to do.. to clear my first box with some points.

Any ideas would be great...

Tagged:

Comments

  • edited September 17

    The method using the downloader was not the intended path and was causing a lot of instability for many users. So that is not the path forward and the creator of the box removed it. Examine the website and use google-fu.

  • Type your comment> @Rasalom said:

    The method using the downloader was not the intended path and was causing a lot of instability for many users. So that is not the path forward and the creator of the box removed it. Examine the website and use google-fu.

    The path was to help me get reverse shell from my explanation in option1.... I'm just trapped and my brain is lost for other ideas... not sure what to look at in Google-Fu..

    Thanks for the response..

  • There are plenty of hints in the main thread for Swagshop.

    https://forum.hackthebox.eu/discussion/1810/swagshop

  • Type your comment> @Rasalom said:

    There are plenty of hints in the main thread for Swagshop.

    https://forum.hackthebox.eu/discussion/1810/swagshop

    I saw that, but there's so many, 39 pages... I guess I'll just weed through them.

    Thx

  • Hacking seems to be about reading & googling more than anything else ;)

  • Type your comment> @Rasalom said:

    Hacking seems to be about reading & googling more than anything else ;)

    Agreed.. I am looking at things way too hard and may have overlooked at the easy things.. research makes good practice... if used correctly of course.

  • No it is not, there is another way to do it. Yesterday I was stuck on the same thing. Move forward and find other way to upload xD Hope it will help you.

  • Type your comment> @pwsecspirit said:

    No it is not, there is another way to do it. Yesterday I was stuck on the same thing. Move forward and find other way to upload xD Hope it will help you.

    I did see other ways to upload.. but trying to get shell seems impossible... I know I am missing something...

  • Hi guys!
    Can you someone pls give me some hints on getting the user shell in the Swagshop machine? I got access to the application already.
    THX

Sign In to comment.