Curling

Got p******_b*****. I found out what kind of file it is, but I can’t decode it. Any hints would be appreciated. Thanks

@Silento said:
Got p******_b*****. I found out what kind of file it is, but I can’t decode it. Any hints would be appreciated. Thanks

edit : Got user.txt :+1:

Hi! I uploaded the reverse shell for j***** but when I try to access to it, It is in blank, I can’t figured out what is happening, pm me if you have any idea, I’m done with that…

Thanks in advance!

root.txt at last ,Thank you very much for your advice and patience to @clmtn @lcw

I could really use some help getting the root.txt
Could someone PM me with a hint or two?

— all done! Thanks to @zz123 for the hint.

Can some one pm me ? I need help?

Got root! Thanks to all the hints! This was my second box and I am generally a newcomer in pen-testing. So if someone, more experienced, would like to help me understand better the mechanics behind this please PM me.

This is my first box, I am a little stuck. I got into the admin panel, but can’t figure out how to get a shell. Any help will be appreciated!

Need help with priv-esc got user.txt
Could someone PM me with a hint or two?

i feel like such a script kiddie. need help please pm

i’m confused by user or i’m over complicating things, can someone assist?

Rooted. Excellent Box. I took away some awesome knowledge from this. ty <3

I got the user flag pretty easily… Stuck with how to get root now. I know I have to use c*** and the wa* area but I’m just not sure what to do… A PM would be appreciated. =)

got root, much more simple than you think it is. PM me for a hint.

R00t3d but no shell, can someone help me on this part? I also wonder if I used the right thing to read the flag.

Managed to log into console, to gain shell is it a case of uploading one or am I overlooking something else that can be used used to connect. Not overly familiar with Joomla. A PM with a nudge in the right direction would be most appreciated.

Never mind, got there in the end, have user.txt now for root :slight_smile:

Hey, guys got the user.txt, working on root but found nothing useful tried some traditional privesc but nothing worked. Any hints would be useful. Please PM me for any hints. Any kind of help will be appreciated.

Hi Guys, New to all of this, done one other Machine before this “ACCESS”. I’m curious, I scanned the ports and services, so I know what ports are open etc and what types of services are running behind. Noticed something about joo*** so I went on the website and was told to analyse the p** looked at that and have noticed the user that was editing it all. But where do I go from here. I know nothing about PHP. If anyone also has any material that would help to learn all of this stuff I would greatly appreciate it even more. Thanks Guys, great community :smiley:

I wouldn’t say you have to learn php to gain access to this box, although it really will help you in the future, id suggest studying up a bit on it.

In the meantime you are definitely on the right track, I would continue to use google like you used your ■■■■ sock back in the day. umm is that weird? no right? Just keep going your almost there, google more for php exploits on Joomla (version) look for previous vulnerabilities that have been used, search for anyway into this machine. If you have any further questions pm me with the steps you’ve taken.