Hint for HELP

I got root and I must say I have learned a lot from this box. Just want to say thanks to @cymtrick once again. Enjoyed it big time. :slight_smile:
I am, however, interested in the alternate way to get user and root. If someone could PM me regarding this it would be great.

Before the last reset I was able to upload a thing, now I can’t. I’m assuming the box has been updated then?

If that’s the case, I’m not sure what to do now that I can log in to the webapp; I still can’t upload what I want to, and I can’t figure out how I might upload it to the other part of the site.

Can anyone confirm if the other method of getting user (i.e. the one that only uses port 8*)

Also interested in hearing alternate root/user methods.

@iseethieves I can confirm port 80 unauthenticated method still works.

I’m curious about the method that focuses on the other port :stuck_out_tongue: If somebody wants to share, I rooted it with the other path.

Rooted the box. User was not too easy but root was very easy. If anyone needs a hint feel free to PM me.

I don’t understand how the information gained from port XXXX was supposed to be used; even after using it I didn’t seem to have any more privileges than an unauthenticated user.

If somebody could DM me with the alternative root privesc I’d be happy, got it the obvious way but couldn’t easily see an alternative.

Rooted this box…never touched the n****s service at all. Odd that it’s there and seemingly unnecessary. Can someone else who rooted this box explain via DM what’s the purpose of that service, and how it can be used for foothold? Lots of people marking this box as a piece of cake but I found it to be fairly complex. I must have missed something that’s going to make me feel like an idiot.

The service running on ****.js is an alternative to REST. It is gaining popularity and major companies are shifting towards it because of its flexibility and ease of communication. Instead of 100 REST API calls, this service can pull the data at once. Not only JS; this service can be used on any backend technology. It is fun to learn.

I’ve been going in circles for a few hours now. Have made no progress. I’ve managed to find a mention of Shiv, but have failed to find any credentials. There was a header with a request and response but I have not found anything useful. I have also been searching for how to leverage n***.js but have had no luck. Just a bunch of failed attempts at getting a reverse shell by listening on port 80 while trying different q=require’… commands in the URL, which is from googling a bunch of stuff about it. The learning curve I am attempting to climb is a bit steep, can I get a push?

Any hint on how to get that shell up on the page? Note: I find my jpg when I upload it, just can’t upload a functional php.

Strange…

The most used method to gain root is not working anymore? xD

edit:

Nvm, rooted. lol…

@ntroot said:
Any hint on how to get that shell up on the page? Note: I find my jpg when I upload it, just can’t upload a functional php.

Ah nvm. Got it :slight_smile: Why is it always when I post I get the answer by myself in the next 5 minutes? LOL!

Got user credentials, but where can I use them? Looking for the webapp but can’t find it!

Anyone willing to PM me and check my script/methodology on the app? I’ve had some connections back from the app that then terminate. Not sure what’s going on.

Completed this machine. If anyone needs help, feel free to PM :slight_smile:

Rooted
User: I used the first method on the first port :stuck_out_tongue: would still work my way on the other method later
Root: was pretty easy and obvious

Keep it simple and don’t be too lazy

In terms of time travelling, I’m assuming altering the date is required. Is changing the time needed too?

I am lost in the file extension bypassing.
Any hint for that?
I have tried different extensions and modifying the content type,
but none of them work.

Apart from the unauthenticated way,
I have no idea how to construct the n***.*s query.

Thanks in advance

@mystory20 said:
I am lost in the file extension bypassing.
Any hint for that?
I have tried different extensions and modifying the content type,
but none of them work.

Apart from the unauthenticated way,
I have no idea how to construct the n***.*s query.

Thanks in advance

Same here. I can find my jpeg file with the exploit script but am stuck on bypassing the file extension filter … hints will be appreciated.

Thanks.

Are there any changes in the last hours? I managed to upload and run a shell on this twice but after a reset, nothing seems to work. I already got user but while trying root I found that someone caused havoc on the system.

I can find and call the .jpg and I was able to upload .php too, but it stopped working.