Hint for Waldo

Comments

  • Need some help with PHP. I am not a PHP expert, I can list the files within List Manager but stuck at playing with PHP parameters to read dir/files or create files. Any hint?

  • Try proxying everything, play around with the parameters sent to determine exactly what is going on. Read and understand what you see.

  • hello can anyone help with waldo root?

    ------- MrBlackHat -------

  • Expected quite different from PrivEsc

    n01n02h

  • @Bear said:
    Any non substantial hints?

    ^^^^

    still stuck on privesc from monitor to whatever...

    dodo

  • edited August 2018

    @dodo said:

    @Bear said:
    Any non substantial hints?

    ^^^^

    still stuck on privesc from monitor to whatever...

    ^^^
    same here. Running out of ideas :(

    mrf1sh

  • hi guys
    any hints to change logM****** perm and grp

    Raouf09

  • Close to pulling my hair out, I know I'm missing something... why does the version folder work and not the other... per above, but no idea what to do from here :scream:

    da1y

    OSCP | eCPPTv2 | eJPT

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • edited August 2018

    Wow... ok, got it with a hint.. that's a new one for me :-)

    da1y

  • Congrats. I am stuck in the same spot.

  • edited August 2018

    @xontrompalas said:
    Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

    This tip is EVERYTHING.

    Not what I was looking for at all in my enumeration, something I'll add to the arsenal.

    da1y

  • Tip For Privesc: If you see this file ..... Ask yourself how is he able to do what he does? How did the administrator do so that the binary can do it.

    xMagass

  • edited August 2018

    The way you start a post, it's kinda...

  • edited August 2018

    @raulcpop - good thing about opinions - they're your own.

    da1y

  • I see the file and I know what I should do but how to do that????? Any link to help me

    Raouf09

  • @Bear said:

    @xontrompalas said:
    Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

    This tip is EVERYTHING.

    Not what I was looking for at all in my enumeration, something I'll add to the arsenal.

    Yeah, he's right. You really do have to be capable, at least with Linux anyway.

    A better finale would've made this box epic. There's so many places that could've gone. lol

    Hack The Box

  • edited August 2018

    Can someone point me towards the right path for the final privesc? Found the special file, no idea why it behaves that way...

  • @moullos said:
    Can someone point me towards the right path for the final privesc? Found the special file, no idea why it behaves that way...

    Same - tried everything that came to my mind, still looks like suid or sudoers but none of them can be found.

  • Managed to get user rather fast. I know my PHP. :) Now working on root, think I have 'the file' people are talking about. I gotta admit my linux commandline know-how is hitting a bit of a wall. Still on it though!

    Maglok

  • @blackhood said:

    A better finale would've made this box epic. There's so many places that could've gone. lol

    Indeed, it was a bit "underwhelming". But still, I ended up with a valuable addition to the enumeration workflow.

    gedsic

  • Rooted this box. Getting root flag was tough but got it. Cheers!

    Hack The Box

  • edited August 2018

    Spoiler Removed - Arrexel

  • Would be nice to get a nudge on the privesc via PM

  • damn...
    need some help for PE

    Arrexel
    OSCP | I'm not a rapper

  • edited August 2018

    I can read all the files in the system via RCE. Anyway I cannot find the right way to inject a RCE inverse shell remote. Please PM with a nut

  • could someone possibly help with what's required for initial foothold - I know what I've got to do and where, how to exploit it but I'm not a PHP coder - Servers and Networks are more my thing (this will be a useful learning experience)

    ZaphodBB

  • Stuck on privesc. I've enumerated the usual stuff, any nudges on the right direction?

  • Can anyone PM me a nudge in the right direction for Privesc? I'm aware of the file that is able to do stuff it really shouldn't...not sure how though or how to replicate it.

  • @The5thDomain said:
    Can anyone PM me a nudge in the right direction for Privesc? I'm aware of the file that is able to do stuff it really shouldn't...not sure how though or how to replicate it.

    Same here, anybody here who can give me a hint?

  • edited November 2018

    Spoiler Removed - egre55

    lahirukkk
