Anyone available to checkover some code ? - don’t want to give away spoilers here
Got something to decrypt something , found something similar on google that, with a bit of alteration should do the job . Only issue is, its deleting the file or just outputting unreadable characters as apposed to what its supposed to do.
Dont really want to waste another day trying to figure why this is misbehaving.
@CandiedPixel said:
Anyone perchance have a heads up on the direction I should be heading in since arriving at the p** creator site? Any help woud be fabs!
Hi there.
You need to determine what software the service running. Just use any web proxy tool, such as Burp Suite for this.
Once you determine what software is used, from there you can then search online for ways of exploiting that service (as others have already mentioned earlier in this thread :D).
Once you have exploited the service you should be able to get code execution/shell.
I hope that helps. Feel free to PM if you need any further help.
Rooted. Thanks @drywaterv2 for your encouragement to watch carefully the service.
To be honest, when I was somewhere in the middle of acquiring the user flag, I was quite frustrated. The reason is that I hate CTF-like boxes, and to be honest the whole user part was not really realistic. Plus, I hate brute-forcing stuff. Anyways, what I like a lot is the root part, that even though it’s easy for most people, is something different from what you usually see in this kind of boxes … and it was also pretty realistic as far as I am concerned. For this reason, I rep up this box. If you have any question, feel free to PM me, and I will try my best to answer you back ASAP.
I got to the “U wil fid noting hee” site. it creates p** files. At this point I am stuck. I found a aj**.p*p file and tried using zap but did not notice. any hints what I should do next would be welcomed! thx
@th30ne said:
I got to the “U wil fid noting hee” site. it creates p** files. At this point I am stuck. I found a aj**.p*p file and tried using zap but did not notice. any hints what I should do next would be welcomed! thx
Use Burp for see what happens… aj**.p*p is not the way.
Alright, I am having trouble figuring out how to actually utilize LX within the PF CER ! I have Googled the snot out of the topic and there are very few walk throughs laying out the process. I have used BR and one code gave feedback but the D*ld url did not exist. Any help based on that knowledge would be amazing. Sorry to bother all.
Finally got this box. This is only my second box on HTB and there were definitely some quirks to getting it going. Once I figured those things out it went much smoother. Fun box.
I’m stuck a little getting a shell. I’m using th w****18 option to spawn a php reverse shell but it drops immediately after the connection is established. Did anybody had the same issue?
EDIT: solved. The pe(a)rl of wisdom helped. Thanks for that!