Poison

I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file…stuck:-(

@opanwar said:

@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encrypted code.
I’m now struggling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:

This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

@karelchajim said:
I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file…stuck:-(

Got the shell. Now on priv esc.
Thank you guys, already learned a lot.

If you still need a hint feel free to send me a message.

If anyone needs a helpful nudge, feel free to PM me with what you’ve done and where you’re at. Fun box!

I got user on this box but in spite of reading the threads here, and running linenum, I can’t get root. Anyone want to PM me a hint?

@resiliencia90 said:

@opanwar said:

@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encrypted code.
I’m now struggling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:

This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

Nope, will work on it now. Going to take a step back and enumerate more… maybe we missed something?!
Also tried log-injection but wasn’t able to get a shell.
It’s also my second machine… Nibbles was easier :stuck_out_tongue:

Ha, that was my first machine as well. I sent you a PM.

@n0bf said:
I got user on this box but in spite of reading the threads here, and running linenum, I can’t get root. Anyone want to PM me a hint?

Find answers to the following questions, and you should be on the right way.
What is a sysadmin? What is his work? How does he work? How does he work securely?

@Ethic gave you a good hint, but I would add:
"Think like most sysadmins think"

In this thread @NanoByte said

"This box is not about thinking outside the box, it's about thinking about this person and how they use the box. If we start enumerating the box we find several interesting things. Maybe there is a service of note. Many of you have found this service but have found yourself not able to utilize it. Think about how the person who owns the box would utilize it? Maybe there are guides online that he followed to secure it the way it's secured? I bet if you did some googles from the perspective of the user of the box trying to set it up you would figure out really fast."

This is a good hint!

  1. How does one unzip the file on the machine? I don’t see an option for adding a password for unzip

  2. If it can’t be unzipped on the machine how does one download the file? I tried scp but keep getting permission denied

Any hints?

@DrChud It is possible to unzip it on the machine, consider trying other tools to unzip.
It is possible to unzip it on the machine, but read about netcat.

Whoever that is resetting the box every five minutes, plz stop

@DrChud said:

  1. How does one unzip the file on the machine? I don’t see an option for adding a password for unzip

  2. If it can’t be unzipped on the machine how does one download the file? I tried scp but keep getting permission denied

Any hints?

  1. “-P”
  2. scp works.
    :slight_smile:

@xdaem00n and @resiliencia90

Thanks for the tips. +1 respect to both of you

@BlackArrow said:
I need some help…found usernames and decoded the code, ssh does not work with that decoded password…Don’t know what to do…somebody help…

Think about what services are running on the system. Think about the creator. That’s how I got user, can’t help you with root though.

unzipped the file. but not sure how to get forward

@iammainul said:
unzipped the file. but not sure how to get forward

Here’s a couple of hints for you:

  • The output of LinEnum.sh has the service you are looking for. Look for something that you may not expect to find on a non-GUI system.
  • Not every port is open for the world to see. Can you find a way to access those ports from your kali box?

Good luck.

@opanwar said:

@iammainul said:
unzipped the file. but not sure how to get forward

Here’s a couple of hints for you:

  • The output of LinEnum.sh has the service you are looking for. Look for something that you may not expect to find on a non-GUI system.
  • Not every port is open for the world to see. Can you find a way to access those ports from your kali box?

Good luck.

can I PM you?

@iammainul said:

@opanwar said:

@iammainul said:
unzipped the file. but not sure how to get forward

Here’s a couple of hints for you:

  • The output of LinEnum.sh has the service you are looking for. Look for something that you may not expect to find on a non-GUI system.
  • Not every port is open for the world to see. Can you find a way to access those ports from your kali box?

Good luck.

can I PM you?

Sure PM away.

Hi

I am getting a grey/white screen with some weird buttons when trying to get root.

What parameters should I add? I was thinking about -geometry but that doesn’t fix anything?
EDIT: nevermind, Spoiler Removed - Arrexel

Just rooted, pm me if you have questions! Thanks for everybody who helped me!

@JohnVanBoxtel said:
Hi

I am getting a grey/white screen with some weird buttons when trying to get root.

What parameters should I add? I was thinking about -geometry but that doesn’t fix anything?
EDIT: nevermind, Spoiler Removed - Arrexel

Just rooted, pm me if you have questions! Thanks for everybody who helped me!

Well… I guess this is more than a nudge for people who are just starting priv esc.

Got root.
Learned a lot from this box. Awesome, thank you.

If anybody needs a hint: feel free to send me a message. :slight_smile:

rooted, thanks