Managed to get user rather fast. I know my PHP. Now working on root, think I have ‘the file’ people are talking about. I gotta admit my linux commandline know-how is hitting a bit of a wall. Still on it though!
@blackhood said:
A better finale would’ve made this box epic. There’s so many places that could’ve gone. lol
Indeed, it was a bit “underwhelming”. But still, I ended up with a valuable addition to the enumeration workflow.
Rooted this box. Getting root flag was tough but got it. Cheers!
Spoiler Removed - Arrexel
Would be nice to get a nudge on the privesc via PM
need some help for PE
I can read all the files in the system via RCE. Anyway I cannot find the right way to inject a RCE inverse shell remote. Please PM with a nut
Could someone possibly help with what's required for initial foothold - I know what I've got to do and where, how to exploit it, but I’m not a PHP coder - servers and networks are more my thing (this will be a useful learning experience)
Stuck on privesc. I’ve enumerated the usual stuff, any nudges on the right direction?
Can anyone PM me a nudge in the right direction for Privesc? I’m aware of the file that is able to do stuff it really shouldn’t…not sure how though or how to replicate it.
@The5thDomain said:
Can anyone PM me a nudge in the right direction for Privesc? I’m aware of the file that is able to do stuff it really shouldn’t…not sure how though or how to replicate it.
Same here, anybody here who can give me a hint?
Spoiler Removed - egre55
@waspy said:
@Pratik said:
Rooted this box. Getting root flag was tough but got it. Cheers!
in the file we should put a case that read root.txt for us
am i on the right track
Not quite. Would the compiled program be able to read the flag?
@Cli3nt said:
@The5thDomain said:
Can anyone PM me a nudge in the right direction for Privesc? I’m aware of the file that is able to do stuff it really shouldn’t…not sure how though or how to replicate it.
Same here, anybody here who can give me a hint?
I wasted half of my day behind that file, nothing worked. Finally I read the root flag using some other binary
@venki9990 said:
@Cli3nt said:
@The5thDomain said:
Can anyone PM me a nudge in the right direction for Privesc? I'm aware of the file that is able to do stuff it really shouldn't...not sure how though or how to replicate it.
Same here, anybody here who can give me a hint?
I wasted half of my day behind that file, nothing worked. Finally I read the root flag using some other binary
same what a rabbit hole
Any hint for privesc? I was thinking I should edit loxxxxxxxx file, but after reading the posts, I think I am on the wrong way?
Update: NVM.
is it possible to get root ?
@gedsic said:
@waspy said:
@Pratik said:
Rooted this box. Getting root flag was tough but got it. Cheers!
in the file we should put a case that read root.txt for us
am i on the right track
Not quite. Would the compiled program be able to read the flag?
I got root and it has no deal with those files, there is a bin running as root, use it to get the flag