Curling

can anybody tell me what we do with p_b file in server…

Finally got root. Thx @Ahm3dH3sham for his guidance and all the comments from different prof here!!!

@ZeusBot said:
can anybody tell me what we do with p_b file in server…

Check the header of that file and try to use the suitable tool to open it!

Hi all. How upload shell without index page?

@mazafaka said:
Hi all. How upload shell without index page?

You must search the administration page ! :wink:

@d4ydr34mer said:
Ooof…need a hint for root. I see the input/output files. I even see the exact commands running as root that update them, but I can’t figure out what to do from there. I don’t have access to any of these files…

In the command what are the parameters used for? Check the man pages :wink:

Can’t seem to get the correct syntax or I’m looking in the wrong place for privesc. Could anyone send me a PM?

guys I saw 2 file inside ***area. but stuck at priv esc. please PM me any hint for me??

@agnarus said:
guys I saw 2 file inside ***area. but stuck at priv esc. please PM me any hint for me??

@oaxd thanks Bro.

@Rhaihi said:
I’am trying to upload a shell but I keep getting the message: “File not safe”, I have adjusted the settings so that the shell is accepted but still cant upload… how can I bypass this “File is not safe” message?

Joomla has a built-in mechanism to upload bundles of PHP files.

nice and funny
also getting root.txt with and without a shell is something to add to the arsenal if you haven’t yet, esp. for CTF style challenges

This is a easy box, but if anyone needs help, pm me.

This was an easy one. Usually it takes me days to get both flags but this time it was a matter of minutes. I think this box will be awesome for starters in the Linux pentesting.

Question, was intended for this machine to have a upload form in the main page?

Can anyone DM with a hint on root? I think I maybe down a rabbit hole?

Can someone give a hint for root? I know where to look, just not what to look for

Is the machine unstable on the Free Server? I am getting this almost every time I am working on the machine.
"WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111) "

@Draco123 said:
Is the machine unstable on the Free Server? I am getting this almost every time I am working on the machine.
"WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111) "

As a few people have stated before, there’s one method of getting code execution which involves overwriting the default page. That particular route of getting RCE is what’s causing the error you’re seeing.

Stuck on priv esc… I see the files inside the *****area but I don’t know what I can use them for, any hints?

Help anyone please.
I managed to get a reverse shell then decrypted that p******* file too. got some data but then stuck. No idea what to do and how to use it to read user.txt.