Vault

I’ve some trouble with shell upload, i try some way … if i upload wrong file i’ve got error message, but if i try other the page is like stuck without any message, is it normal?

edit: rooted
This thread is full of hints already, but giving my two cents:
User: Up to the first reverse shell it’s really straightforward. You then start enumerating everything, you’ll find your way. Read the files and learn lateral movement.

Root: Easier to find, trickier to get. You’ll need to research and to pay more attention to details. One hint is to write down everything you find since the beginning, you never know when or how you might need it.

I’m root on D**…cannot find any root.txt…any hint???

@BlackArrow said:
I’m root on D**…cannot find any root.txt…any hint???

You have got another box to go yet…

fucking awesome box again. Was funny but I don’t want to see it again!!!.

My hints:

User: don’t overthing as did. enumerate file uploads extension. Read this article https://netsec.ws/?p=278 (file free to report if it was a spoil). If you find other service just enumerate again (from the beginning like a new machine), but don’t touch too much or you will lose the information. Be Fucking happy

Root: everything here, so follow instuction. Read the logs, read everything. Copy and paste in a smart way. At this point you are close, all you need is in initial machine. And again be fucking happy

Feel free to report spoil

got root thanks @CHUCHO for the hints on tunneling!!!

@IteXss said:
got root thanks @CHUCHO for the hints on tunneling!!!

ssh tunneling not working here…■■■■ my syntax

I would really appreciate it if someone can PM me and have time to explain to me what really the objective of ssh tunneling is? I’ve read through several posts but i really need question specific answers :slight_smile: thanks in advance

Google Dynamic Port Forwarding (SSH) and you shall receive

Got user! big thank you to @CHUCHO and @IteXss . People with VIP should pay attention in case they don’t get the results that they expect by following the clues. They might need to change servers, especially if it has to do with port 80!

Hi, I need help with the reverse shell. Nothing I’ve tried has worked. I want to ask several questions to see if I can understand what I’m doing wrong.

Got user as well. Now in machine D*S do i privesc here or there is another pivot i need to do?

I’ve already got it to work

Stuck on g** file … dont know how to decrypt it. Please DM

Alright got root.txt. but how to get the root shell ?

is it common to get root first than user on this box? seemed to easy to get root, maybe i found something that i wasn’t supposed to? :confused:

i’ve got user on main box , got my way through on “inner box” , got my way through on “safe box”
i know what is g** file … thanks to google :smiley:
any hint on how to transfare this g** from “safebox” to “innerbox” keeps getting "port 22: Connection timed out "

Edit :GOT ROOT

Am i the only one around here who stucks at the .-o**n website and is unable to get a callback to nc ? Like really, I am doing this for hours now and I am quite sure I know what to do but I never get a callback to my nc.
Is there a hidden ninja technique or am I supposed to sacrifice a cow ?

@Baikuya said:
Am i the only one around here who stucks at the .-o**n website and is unable to get a callback to nc ? Like really, I am doing this for hours now and I am quite sure I know what to do but I never get a callback to my nc.
Is there a hidden ninja technique or am I supposed to sacrifice a cow ?

I´m have the same problem the callback in the o**n :frowning:

On beginning rev shell i found root.txt it not was cool! but after some enumeration i got root second time on other host ;). Last part was really nice!