Hint for Waldo

Need some help with PHP. I am not a PHP expert. I can list the files within List Manager but am stuck at playing with PHP parameters to read dir/files or create files. Any hint?

Try proxying everything, play around with the parameters sent to determine exactly what is going on. Read and understand what you see.

Hello, can anyone help with Waldo root?

Expected quite different from PrivEsc

@Bear said:
Any non substantial hints?

^^^^

still stuck on privesc from monitor to whatever…

@dodo said:

@Bear said:
Any non substantial hints?

^^^^

still stuck on privesc from monitor to whatever…

^^^
same here. Running out of ideas :frowning:

Hi guys,
any hints to change logM****** perm and grp?

Close to pulling my hair out, I know I’m missing something… why does the version folder work and not the other… per above, but no idea what to do from here :scream:

Wow… ok, got it with a hint… that’s a new one for me :slight_smile:

Congrats. I am stuck in the same spot.

@xontrompalas said:
Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

This tip is EVERYTHING.

Not what I was looking for at all in my enumeration, something I’ll add to the arsenal.

Tip for privesc: If you see this file … ask yourself how is he able to do what he does? How did the administrator do so that the binary can do it?

The way you start a post, it’s kinda…

@raulcpop - good thing about opinions - they’re your own.

I see the file and I know what I should do, but how to do that??? Any link to help me?

@Bear said:

@xontrompalas said:
Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

This tip is EVERYTHING.

Not what I was looking for at all in my enumeration, something I’ll add to the arsenal.

Yeah, he’s right. You really do have to be capable, at least with Linux anyway.

A better finale would’ve made this box epic. There’s so many places that could’ve gone. lol

Can someone point me towards the right path for the final privesc? Found the special file, no idea why it behaves that way…

@moullos said:
Can someone point me towards the right path for the final privesc? Found the special file, no idea why it behaves that way…

Same - tried everything that came to my mind, still looks like suid or sudoers but none of them can be found.

Managed to get user rather fast. I know my PHP. :slight_smile: Now working on root, think I have ‘the file’ people are talking about. I gotta admit my Linux command-line know-how is hitting a bit of a wall. Still on it though!

@blackhood said:

A better finale would’ve made this box epic. There’s so many places that could’ve gone. lol

Indeed, it was a bit “underwhelming”. But still, I ended up with a valuable addition to the enumeration workflow.