@Rhaihi said:
I’am trying to upload a shell but I keep getting the message: “File not safe”, I have adjusted the settings so that the shell is accepted but still cant upload… how can I bypass this “File is not safe” message?
Joomla has a built-in mechanism to upload bundles of PHP files.
This was an easy one. Usually it takes me days to get both flags but this time it was a matter of minutes. I think this box will be awesome for starters in the Linux pentesting.
Is the machine unstable on the Free Server? I am getting this almost every time I am working on the machine.
"WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111) "
@Draco123 said:
Is the machine unstable on the Free Server? I am getting this almost every time I am working on the machine.
"WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111) "
As a few people have stated before, there’s one method of getting code execution which involves overwriting the default page. That particular route of getting RCE is what’s causing the error you’re seeing.
Help anyone please.
I managed to get a reverse shell then decrypted that p******* file too. got some data but then stuck. No idea what to do and how to use it to read user.txt.
So I got a reverse shell with nc as well but I’m stuck at the reading user.txt part. I’ve tried serving it up with p***** http server with no luck. I understand that it might require cracking another file? Can anyone help me out with a pm hint?
User and root flags obtained. Not elegant, but effective. I think this is a pretty decent beginner box. It’s thorough recon all the way through. A little one-line shell scripting at the end was helpful.
User was easy after I realized I tried to skip ahead a little after getting a shell. Now I’m stuck on privesc. Have possibly found some trolls and tried experimenting with the two files but not sure what I’m doing wrong or if I’m even on the right track. Can someone PM me with a hint to push me in the right direction?