Curling

I wrapped the whole string, parts of the string with different quotes …used the bash operator, built in operator, piped input …put it before and after the target… just couldn’t get it to work. it kept breaking the actual function or disregarding my commands

I had no difficulty with user.txt, I got root.txt, no privesc, but concept was difficult for me as a beginner. Thank You @L4mpje

Okay, I’m struggling. I managed to find user.txt but couldn’t download or read it. I found p*******_b***** but I don’t know what to do with it. And then the entry point that I was using was closed. I have seen that I can use c*** to upload a payload but I can’t seem to get it to work. Any help, hint, etc. would be great. Please PM with any suggestions.

cant upload the shell in sites what im gonna doo? help me please :smiley:

@nathacks said:
cant upload the shell in sites what im gonna doo? help me please :smiley:

Tell us what you did and we are gonna tell you what you did wrong.

EDIT: thanks to @YellowBanana for the help!

.

@JKryten said:
Okay, I’m struggling. I managed to find user.txt but couldn’t download or read it. I found p*******_b***** but I don’t know what to do with it. And then the entry point that I was using was closed. I have seen that I can use c*** to upload a payload but I can’t seem to get it to work. Any help, hint, etc. would be great. Please PM with any suggestions.

Soooo, any suggestions? The upload link that someone placed on the homepage is no longer there and I cannot figure out to get c*** to work. Anyone, anyone? Bueller?

@0racle said:
guys ! may i take hint for root? i got user.txt but cant handle root.

guys?

@JKryten said:

@JKryten said:
Okay, I’m struggling. I managed to find user.txt but couldn’t download or read it. I found p*******_b***** but I don’t know what to do with it. And then the entry point that I was using was closed. I have seen that I can use c*** to upload a payload but I can’t seem to get it to work. Any help, hint, etc. would be great. Please PM with any suggestions.

Soooo, any suggestions? The upload link that someone placed on the homepage is no longer there and I cannot figure out to get c*** to work. Anyone, anyone? Bueller?

Well you can play with the p*******_b***** file that you found in the server as first hint. You cannot open the user.txt because you are not an actual user of the machine, you are logged in as a “service”. If you manage to crack the file that you said then you will know what to do. :slight_smile:

@0racle said:

@0racle said:
guys ! may i take hint for root? i got user.txt but cant handle root.

guys?

You have to find a folder and dig in it. :slight_smile:

Is someone able to PM me for hint on root? I have gone through the forum, I’ve identified what I believe is the “process” that is running, I have tried a few things but I’m a bit lost…

Edit: NVM got it, only got root.txt don’t really see how people are getting shell from this…
If anyone is willing to tell me could they PM how they managed to get shell? Out of curiosity

Well, at this point, I don’t actually know what to do with p*******_b*****. Some have mentioned “cracking” it, others have mentioned it being a compressed format. It looks like hashes and it may have something to do with s** but I haven’t been able to figure it out yet. I have been at this for far too long and I haven’t even gotten user yet.

I am already done with user and root, but i cant understand how i can properly catch what process using/launching file in directory and with what options. Any solutions? I tried lsof, but it is not proper tool i think. Please answer here or PM me.

@JKryten said:
Well, at this point, I don’t actually know what to do with p*******_b*****. Some have mentioned “cracking” it, others have mentioned it being a compressed format. It looks like hashes and it may have something to do with s** but I haven’t been able to figure it out yet. I have been at this for far too long and I haven’t even gotten user yet.

It’s actually both. It’s a compressed format file with a little “puzzle” that you have to “crack”.

I just got root and am wondering how people got shell. I have an idea but if anyone wants to chat let me know.

@0racle said:

@0racle said:
guys ! may i take hint for root? i got user.txt but cant handle root.

guys?

What have you got so far? Feel Free to PM me.

Well It was a bit dificult but
getting the root flag wasn’t hard at all.
except dealing with the fact that the box kept getting reset every 5 minutes.
Talk to y’all later!

hello,
i need help about the file to found. I get the u***.txt but i don’t have access to it. Could you help me please.

i could use some nudge on how to decode s*****.t** can anyone help me pm?

I got user, I tried to add reverse shell code to a different file that wouldn’t ruin everyone else trying to log in, but I couldn’t get the path right. Tried to overwrite one, and just make a new file.

Also, can anyone explain how I should know next time to do the first command on the p********_b****** file? Is it all the 0’s? I tried to go straight into a b**** command, which obviously didn’t work. If I see another file, I don’t know how to recognize that it needs that conversion.