@chrisbensch said:
Ok, able to read the php files in var www html. Just can’t seem to figure out how to abuse the path. I’ve been looking at the list.js functions and also inside the fileRead.php. A nudge?
@mbie said:
Looking for a privesc hint, currently stuck. Can’t understand how that versioned file can read with root permissions while the other file can’t. Any hints?
You might wanna check permissions or capabilities of that file… You’ll know what to do once you figure it out…
If you are stuck at the enumeration and you can only see “html” and “localhost” Spoiler Removed - Arrexel so it’s breakable, I didn’t use weird characters like %2e etc… It’s really easy ! Don’t think too much Hope I helped someone
@JeanMichel said:
If you are stuck at the enumeration and you can only see “html” and “localhost”, imagine that the filter only delete “…/” of your request, but not the total string ^^, so it’s breakable, I didn’t use weird characters like %2e etc… It’s really easy ! Don’t think too much Hope I helped someone
Enjoyed this machine… Thanks to those who gave some great hints… Learned some new linux commands on this machine and some other techniques…
For those stuck on initial foothold: There are a couple of posts here, some with articles, that will help you out a lot!
For those stuck on the priv esc and steps before that, the key is research to what you have “access” to for the first part and then what can help you and you have access to to get what you need…
ARRRRG, back here again. I’m able to see the user.txt file, however there is a filter not allowing me to read it… how can I bypass it? or do something else? Am I going the wrong direction? PM me
Hi Im Having trouble on last stage of Priv Esc (hopefully). I have logged in as the M* user and have escaped, but reached a block. Any hints / nudges would be appreciated either here or by PM to avoid spoilers . Done the usual crontab, look for suid binaries, permissions seem good.