id like to know what exactly the php code is doing behind the scenes. I don't know what to research in google if I don't know the name of the function...etc
edit: i figured out how to read the source code of those files. thanks finrir!
Need a decent solid hint on how to read the file under /etc/
Used a certain file + burp to forceably traverse / READ folders so i can now see where i need to be but no amount of changing variables etc seems to work.(and examples from hours of googling dont seem to work either)
@ZaphodBB said:
Wasting far too much time on this one
Need a decent solid hint on how to read the file under /etc/
Used a certain file + burp to forceably traverse / READ folders so i can now see where i need to be but no amount of changing variables etc seems to work.(and examples from hours of googling dont seem to work either)
have you got a shell yet? or are you talking about priv esc?
Just getting initial foothold - unless Im completly mistaken and I'm barking up the wrong tree, it seems to me like the detaisl for initial users are gained by directory traversal - php explitation.
I'm stuck at the directory traversal. I know the search and replace pattern, but can't break outside varwww... pm me hints please before I pull all my hair. If someone can only pm me the syntax to get to var, I'll figure out the rest!
@berthaz said:
I'm stuck at the directory traversal. I know the search and replace pattern, but can't break outside varwww... pm me hints please before I pull all my hair. If someone can only pm me the syntax to get to var, I'll figure out the rest!
Check your messages for a hint - after much hair pulling I've sussed it
I got root with a hint now, but no idea how this works. Anybody who can share me a link via PM for an explanation or better who can have a short chat about that?
logM****** uses strcpy which if i remember right is prone to buff overflow... hot or cold? i dont know much about how to execute a buff overflow but ill look into it
@Meatex said:
bit lost on getting user access on this. Got a key and filtered out the bad characters and have a valid key but it doesn't work.
Pretty stuck now
If your sure key is valid, what other parameters could be changed?
Ok, able to read the php files in var www html. Just can't seem to figure out how to abuse the path. I've been looking at the list.js functions and also inside the fileRead.php. A nudge?
@Meatex said:
bit lost on getting user access on this. Got a key and filtered out the bad characters and have a valid key but it doesn't work.
Pretty stuck now
If your sure key is valid, what other parameters could be changed?
Key said valid but using the link in earlier in this thread to clean it up and using autoreplace must have introduced a typo.
Manually cleaning up the key file did the trick
Looking for a privesc hint, currently stuck. Can't understand how that versioned file can read with root permissions while the other file can't. Any hints?
@chrisbensch said:
Ok, able to read the php files in var www html. Just can't seem to figure out how to abuse the path. I've been looking at the list.js functions and also inside the fileRead.php. A nudge?
@mbie said:
Looking for a privesc hint, currently stuck. Can't understand how that versioned file can read with root permissions while the other file can't. Any hints?
You might wanna check permissions or capabilities of that file.. You'll know what to do once you figure it out..
If you are stuck at the enumeration and you can only see "html" and "localhost" Spoiler Removed - Arrexel so it's breakable, I didn't use weird characters like %2e etc... It's really easy ! Don't think too much Hope I helped someone
Comments
id like to know what exactly the php code is doing behind the scenes. I don't know what to research in google if I don't know the name of the function...etc
edit: i figured out how to read the source code of those files. thanks finrir!
If anyone need hints, pm me.
Iv'e never dealt with docker containers... anybody got some good reference material on this I could read?
Wasting far too much time on this one
Need a decent solid hint on how to read the file under /etc/
Used a certain file + burp to forceably traverse / READ folders so i can now see where i need to be but no amount of changing variables etc seems to work.(and examples from hours of googling dont seem to work either)
have you got a shell yet? or are you talking about priv esc?
Just getting initial foothold - unless Im completly mistaken and I'm barking up the wrong tree, it seems to me like the detaisl for initial users are gained by directory traversal - php explitation.
how can version 0.1 read root's file while not even suid any keyword to research on please?
Finally got user.txt ... What a pain i was trying the right thing the whole time besides one character...
Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0
[CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]
what the heck is .restrictSXXXXX.sh? im in unfamiliar territory
Rooted, special thanks to loln00b for the hint was really helpful thanks mate.
Got root, many thanks to mcruz for you hints.
You are welcome.
Now after I rooted it - I realize that this was / would have been the best hint ;-)
But I haven't got the message before reading and learning a lot about what I obviously did not know about Linux!
I'm stuck at the directory traversal. I know the search and replace pattern, but can't break outside varwww... pm me hints please before I pull all my hair. If someone can only pm me the syntax to get to var, I'll figure out the rest!
Check your messages for a hint - after much hair pulling I've sussed it
I got root with a hint now, but no idea how this works. Anybody who can share me a link via PM for an explanation or better who can have a short chat about that?
Thanks in advance!
Can someone PM me with ahint for root????
Just rooted!!! didnt understand the process much. anyone available in PM to discuss it?
rooted pm me
can someone pm me about the priv esc?
bit lost on getting user access on this. Got a key and filtered out the bad characters and have a valid key but it doesn't work.
Pretty stuck now
If your sure key is valid, what other parameters could be changed?
Ok, able to read the php files in var www html. Just can't seem to figure out how to abuse the path. I've been looking at the list.js functions and also inside the fileRead.php. A nudge?
Key said valid but using the link in earlier in this thread to clean it up and using autoreplace must have introduced a typo.
Manually cleaning up the key file did the trick
Looking for a privesc hint, currently stuck. Can't understand how that versioned file can read with root permissions while the other file can't. Any hints?
You might wanna check permissions or capabilities of that file.. You'll know what to do once you figure it out..
Finally i got root, and i knew a new command with this box
thanks mr. mcruz
I don't have Signature...
You are welcome, you guys can PM me whenever you want if needs help.
If you are stuck at the enumeration and you can only see "html" and "localhost" Spoiler Removed - Arrexel so it's breakable, I didn't use weird characters like %2e etc... It's really easy ! Don't think too much
Hope I helped someone