Curling

@jippiedoe said:
This box is very frustrating to try to get a grip on while it’s fresh, as everyone keeps using one of the public places (/index.php anyone?) as their reverse shell, ruining it for the rest.

This is where VIP becomes VERY nice. I had a decent amount of time with this box because the server wasn’t very crowded.

A fun box!
Got user and root flags. PM for hints if needed.

Rooted! I tried hard for a long time on privesc, but in the end it was easy. Thx @rikter

@oaxd said:
No need to upload a file, just leverage another common Joomla functionality in order to get your code executed. Think about at which places code gets executed and how you could maybe insert your own.

I would recommend not doing this for this reason:

@jippiedoe said:
This box is very frustrating to try to get a grip on while it’s fresh, as everyone keeps using one of the public places (/index.php anyone?) as their reverse shell, ruining it for the rest.

Instead, try to create your own. It’s not any more complex than inserting stuff, but it doesn’t mess with other users.

@Skunkfoot said:

To be fair to @Frey, this box really is pretty simple in the end. And I understand why “Try Harder” can be discouraging, but people get into a habit of asking for help for one thing, and then following it up immediately when they get stuck on the next step. I get SO many PMs like this. I don’t mind helping people, but I’m not here to walk you through this step by step either, ya know?

So yeah, when people say “Try Harder”, they usually mean something along the lines of “continue doing research and trying to learn new things. Maybe one of the things you try will work” :slight_smile:

I get that and, to be clear, I agree with both of you on this topic :slight_smile: You have both helped me and others when stuck on various boxes. What I like about HTB is the fun of trying things while learning new techniques (or simply realising how hard it is to spot a typo in a command line…) The help from other members is 90% of the learning.

I think there is a time and a place for “try harder” (for example, telling a new starter to try harder with nmap scans vs try harder with creating a NOP Sled to deliver a stack-based BOF). I am sorry if I’ve dragged the conversation away from this box.

Thanks to L4mpje for the box. I would say this is a good introductory box for new users to dip their toes in. There are multiple ways to achieve the same result, semi-trolls that might make you question your process, etc., and none of it is so technically involved that you would have to be an expert in any specific technology to get through it.
Happy to help anyone that is stuck through dms.

Someone’s messing with the box: the main page no longer shows what it should; instead there was a shell just now.

That is odd, @Krigga, it is working on my end.

@Tree now it’s good.

Oh wow, my friend is experiencing the same issue.

Rooted. Spent so much time digging for privesc, when answer was right there. Just wow… Cool box, thanks to the creator!

@Skunkfoot said:

@oaxd said:
No need to upload a file, just leverage another common Joomla functionality in order to get your code executed. Think about at which places code gets executed and how you could maybe insert your own.

I would recommend not doing this for this reason:

@jippiedoe said:
This box is very frustrating to try to get a grip on while it’s fresh, as everyone keeps using one of the public places (/index.php anyone?) as their reverse shell, ruining it for the rest.

Instead, try to create your own. It’s not any more complex than inserting stuff, but it doesn’t mess with other users.

Yeah, this is the easiest way for VIP people.

@td00k said:
For the ones that are stuck on that crazy b***up file, I recommend taking a look at OverTheWire – Bandit, level 12. Hope that isn’t too much of a spoiler :slight_smile:

Yes, it is a good hint.

This is pathetic, nothing I upload works. WTF, this is stupid, Joomla.

@cslatt05 said:
This is pathetic, nothing I upload works. WTF, this is stupid, Joomla.

+1

Ooof… need a hint for root. I see the input/output files. I even see the exact commands running as root that update them, but I can’t figure out what to do from there. I don’t have access to any of these files…

@td00k said:
For the ones that are stuck on that crazy b***up file, I recommend taking a look at OverTheWire – Bandit, level 12. Hope that isn’t too much of a spoiler :slight_smile:

This!!!

@Rayvenhawk said:

@td00k said:
For the ones that are stuck on that crazy b***up file, I recommend taking a look at OverTheWire – Bandit, level 12. Hope that isn’t too much of a spoiler :slight_smile:

^^^^^ This helped me feel better that I wasn’t chasing down a rabbit hole.

Definitely worked \m/\m/
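The Bandit level 12 hint that several people point at above is about a file that was hex-dumped and then compressed several times over with different tools, so the work is to reverse the dump and then peel layers until plaintext appears. As an added example, not from this thread, the box author or OverTheWire, here is a Python script that does that mechanically: it parses an xxd-style hexdump, identifies each layer by its magic bytes (gzip, bzip2, tar) and unwraps until no known container is left. The sample input is constructed inline by wrapping a made-up string; the secret, the tar member name and the layer order are assumptions for the demonstration, not data from the box.

```python
import bz2
import gzip
import io
import tarfile

# Magic bytes of the containers a Bandit-12-style file chains together.
GZIP_MAGIC = b"\x1f\x8b"
BZIP2_MAGIC = b"BZh"
TAR_MAGIC = b"ustar"      # sits at offset 257 of a ustar/pax/GNU tar header
TAR_MAGIC_OFFSET = 257


def xxd_dump(data: bytes) -> str:
    """Render bytes the way `xxd` does (the form the challenge file arrives in)."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        groups = [chunk[i:i + 2].hex() for i in range(0, len(chunk), 2)]
        hex_part = " ".join(groups).ljust(39)          # 8 groups * 4 chars + 7 spaces
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}: {hex_part}  {ascii_part}")
    return "\n".join(lines) + "\n"


def parse_xxd_hexdump(text: str) -> bytes:
    """Reverse an xxd-style dump back to raw bytes (what `xxd -r` does)."""
    out = bytearray()
    for line in text.splitlines():
        if ":" not in line:
            continue
        _, _, rest = line.partition(":")
        # the hex groups end at the double-space gutter before the ASCII column
        hex_field = rest.split("  ")[0]
        out.extend(bytes.fromhex(hex_field.replace(" ", "")))
    return bytes(out)


def unwrap_once(data: bytes):
    """Identify the outermost container by its magic bytes and strip one layer.

    Returns (format_name, inner_bytes), or (None, data) when no known wrapper remains.
    """
    if data.startswith(GZIP_MAGIC):
        return "gzip", gzip.decompress(data)
    if data.startswith(BZIP2_MAGIC):
        return "bzip2", bz2.decompress(data)
    if data[TAR_MAGIC_OFFSET:TAR_MAGIC_OFFSET + len(TAR_MAGIC)] == TAR_MAGIC:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
            # these challenge tars hold a single file; take the first regular member
            member = next(m for m in tar.getmembers() if m.isfile())
            return "tar", tar.extractfile(member).read()
    return None, data


def peel(data: bytes, max_layers: int = 32):
    """Unwrap repeatedly until the bytes carry no recognised magic; return (layers, payload)."""
    layers = []
    for _ in range(max_layers):
        fmt, inner = unwrap_once(data)
        if fmt is None:
            return layers, data
        layers.append(fmt)
        data = inner
    raise RuntimeError(f"still wrapped after {max_layers} layers; refusing to loop forever")


def recover(hexdump_text: str):
    """Full pipeline: hexdump text -> raw bytes -> peeled payload."""
    return peel(parse_xxd_hexdump(hexdump_text))


def build_sample() -> str:
    """Constructed input: a made-up secret wrapped gzip -> bzip2 -> tar -> gzip, then hex-dumped.

    The secret and the member name are assumptions for this example, not the box's data.
    """
    secret = b"constructed-sample-password\n"
    blob = bz2.compress(gzip.compress(secret))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        info = tarfile.TarInfo(name="data.bin")
        info.size = len(blob)
        tar.addfile(info, io.BytesIO(blob))
    return xxd_dump(gzip.compress(buf.getvalue()))


if __name__ == "__main__":
    layers, payload = recover(build_sample())
    print("peeled:", " -> ".join(layers))
    print("payload:", payload.decode())
```

On a real file the script stops as soon as it meets a header it does not know and hands back the bytes as they are, so you can run `file` on them and decide the next step yourself rather than trusting the loop blindly; that is also why the layer count is capped, so a malformed or self-referential archive cannot keep the script spinning.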

Can anybody tell me what we do with the p_b file on the server…

Finally got root. Thanks to @Ahm3dH3sham for his guidance, and to all the comments from the different pros here!!!