Curling

@Rhaihi said:
I’am trying to upload a shell but I keep getting the message: “File not safe”, I have adjusted the settings so that the shell is accepted but still cant upload… how can I bypass this “File is not safe” message?

Joomla has a built-in mechanism to upload bundles of PHP files.

nice and funny
also getting root.txt with and without a shell is something to add to the arsenal if you haven’t yet, esp. for CTF style challenges

This is a easy box, but if anyone needs help, pm me.

This was an easy one. Usually it takes me days to get both flags but this time it was a matter of minutes. I think this box will be awesome for starters in the Linux pentesting.

Question, was intended for this machine to have a upload form in the main page?

Can anyone DM with a hint on root? I think I maybe down a rabbit hole?

Can someone give a hint for root? I know where to look, just not what to look for

Is the machine unstable on the Free Server? I am getting this almost every time I am working on the machine.
"WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111) "

@Draco123 said:
Is the machine unstable on the Free Server? I am getting this almost every time I am working on the machine.
"WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111) "

As a few people have stated before, there’s one method of getting code execution which involves overwriting the default page. That particular route of getting RCE is what’s causing the error you’re seeing.

Stuck on priv esc… I see the files inside the *****area but I don’t know what I can use them for, any hints?

Help anyone please.
I managed to get a reverse shell then decrypted that p******* file too. got some data but then stuck. No idea what to do and how to use it to read user.txt.

So I got a reverse shell with nc as well but I’m stuck at the reading user.txt part. I’ve tried serving it up with p***** http server with no luck. I understand that it might require cracking another file? Can anyone help me out with a pm hint?

Well this really was an interesting machine :slight_smile:
It is a great learning experience. Learnt many things that I had never done.
Thanks for the box <3

Sure is hard to keep a shell going when someone keeps resetting the box…

If someone wants to give a hint on how to get a root shell would be great! I got the flag, just wanna know how can i get a real shell!

User and root flags obtained. Not elegant, but effective. I think this is a pretty decent beginner box. It’s thorough recon all the way through. A little one-line shell scripting at the end was helpful.

User was easy after I realized I tried to skip ahead a little after getting a shell. Now I’m stuck on privesc. Have possibly found some trolls and tried experimenting with the two files but not sure what I’m doing wrong or if I’m even on the right track. Can someone PM me with a hint to push me in the right direction?

Yeah I understand the relation between the files. Still having issues getting the files to output what I am looking for.

Any hints for priv esc??

@saketsourav said:
Any hints for priv esc??

Look around user’s folder! Something interesting exists :wink: