Hint for HELP

Any hint on how to get that shell up on page ? Note: I find my jpg when i upload it, just cant upload a functional php.

Strangeā€¦

The most used method to gain root is not working anymore? xD

edit:

Nvm, rooted. lolā€¦

@ntroot said:
Any hint on how to get that shell up on page ? Note: I find my jpg when i upload it, just cant upload a functional php.

Ah nvm. got it :slight_smile: Why is it always when i post i get the answer by myself in next 5 minutes. LOL !

Get user credential but where can i use them? Looking for webapp but canā€™t find!

anyone willing to pm me and check my script/methodology on the app. Iā€™ve had some connections back from the app, that then terminate? not sure whats going on?

Completed this machine if any one need help feel free to pm :slight_smile:

Rooted
User: i used the first method on the first port :stuck_out_tongue: would still work my way on the other method later
Root: was pretty easy and obvious

Keep it simple and donā€™t be too lazy

In terms of time travelling, Iā€™m assuming altering the date is required. Is changing the time needed too?

I am lost in the file extension bypassing
any hint for that?
I have tried with different extension and modifying the content type
but none of them work

Apart from the unauthenticated way,
I have no idea on constructing the n***.*s query

Thanks in advance

@mystory20 said:
I am lost in the file extension bypassing
any hint for that?
I have tried with different extension and modifying the content type
but none of them work

Apart from the unauthenticated way,
I have no idea on constructing the n***.*s query

Thanks in advance

same here. i can find my jpeg file with exploit script but stuck on bypassing the file extension filter ā€¦ hints will be appreciated.

Thanks.

Are there any changes in the last hours ? I managed to upload and run a shell on this twice but after a reset, nothing seems to work. I already got user but while trying root i found that someone caused havok on the system.

I can find and call .jpg and i was able to upload .php too but stopped to work.

ā€“updateā€“

And of course the second I post another run actually works. Must have been bad luck with the server earlier.

I am having trouble with the upload and run shell one too. I think I know how to get around the filter, but I canā€™t even get a jpg or txt upload to work. Even with some time travel although the server header responses look like they match my system time anyway.

Now Im really confused. I used the REST alternative to get user and its hash (with one of the previous posts its easy). I cracked the hash and have also password. tried to log in via the lowest port and cannot. What am I missing?

Rooted. I used the obvious way.
If someone knows other ways to root please PM me so we can discuss.

mystified as to how everyone else is getting the script to return results

Iā€™m having some bad luck with the VPN connection so my script fails intermittent.

Managed to get user, working on priv esc now :slight_smile:

So Iā€™m stuck on just getting user. I retrieved some creds from that high port service, logged into the web app using them.

Didnā€™t see much other than a little bit less blindness.

I did get a fixed up exploit to give me a helpful URL.

However I canā€™t seem to move past the filtering to execute my shellcode.

Should I have stuck with just the high-port service for getting a shell or is the web app the right direction?

Anyone have any php pages theyā€™d recommend for filtering bypass ideas?

Iā€™m assuming resets would also cover databases and that the challenge isnā€™t broken from others modifying it.

Fun box! My advice is to examine the upload code and the exploit code closely, and edit as needed ā€“ might have to do some manual experimentation. After finding your shell, itā€™s a quick step to root! Basic, basic enum.