Hint for HELP

Rooted, for a box of 20 points itā€™s not easy at all.

Iā€™ve done two methods of getting into the webapp as an unprivileged user and as an administrator.

With the second method do I get a shell using a similar method as without auth or is there another way?

I want to explore more ways than just the unauth way.

I used the blind SQL way to get administrator in the webapp. Is there a particular method besides similar to the easy way to go after a shell?

If the easy way didnā€™t exist as a vuln but the sql injection still did should I expect to find a way to shell?

I want to make sure I practice the intended ways fully.

I obtained root, but it felt like I was doing so reusing the easy way even though I did use the SQL method.

Assuming the easy way didnā€™t exist but SQL method did anyone could PM tips on how you would go about getting a shell?

For those of you unable to escape for reverse shell, read the code and ask yourself ā€œdo I really need to escape?ā€

machine always got reset while iam using sqlmap :disappointed_relieved:

Can someone confirm the time travel year is 2 years prior to the release of war games staring Matthew Broderick ?

I am so confused, I managed to get user without too much trouble, but now Iā€™m struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

@bluealder said:
I am so confused, I managed to get user without too much trouble, but now Iā€™m struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

Also struggling to get root. Help would be appreciated.

@shadowdriu said:

@bluealder said:
I am so confused, I managed to get user without too much trouble, but now Iā€™m struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

Also struggling to get root. Help would be appreciated.

Legit got it 5 mins after posting this, was strugling on it for a day or two ā– ā– ā– ā– . PM if you need a hand

This was great, thanks @cymtrick ā€¦ Iā€™ll be honest, user threw me for a bit and i did have to dip into the forums so thanks for all of the t*** t***el talk lolā€¦root was game over after about 20 minutesā€¦very cool!

//hints

User: Donā€™t pull your hair out. Well documented, pay close attention to stuff that you normally donā€™t care about :slight_smile:

Root: Old skool, donā€™t reinvent the WHEEL :bleep_bloop:

@shadowdriu said:

@bluealder said:
I am so confused, I managed to get user without too much trouble, but now Iā€™m struggling super hard with root, unlike everyone else on this box ahhh! If someone could give me nudge for root I would really appreciate that!

Also struggling to get root. Help would be appreciated.

Hey. Try looking at some of the most basic and first steps you do when priv escā€™ing. g0tmi1k has a nice list of things to try.

Nice machine enjoyed this one.

User: read the exploit really carefully and follow exactly what you should do, if you did a dirb run there should be a directory which make the most sense for the uploaded tickets. no code changes in the script needed.

Root: as Spiderixius wrote: g0tmil1k has a nice list and searchsploit is your friend

Hello, Iā€™m trying to go throw the N*** service, but I canā€™t find the endpoint someone could give me some hint?

Hello, Iā€™m stuck at the high-level port. I found the endpoint but just cannot get my query right. Some help would be greatly appreciated.

@blueorchid said:
Hello, Iā€™m stuck at the high-level port. I found the endpoint but just cannot get my query right. Some help would be greatly appreciated.

Any hint for the endpoint?

any hint @takeiteasy ???

Hello guys, can someone help me please on this machine ā€¦ iā€™m stuck ā€¦ thanks in advance :slight_smile: <3

@m4rc1n said:
Now Im really confused. I used the REST alternative to get user and its hash (with one of the previous posts its easy). I cracked the hash and have also password. tried to log in via the lowest port and cannot. What am I missing?

likely someone has changed the password, there are a to of trolls on this box

Not sure if something changed on this box, I was previously able to ā€œsubmit a ticketā€ using a bypass and ā€œfind my ticketā€ afterwards. But now I canā€™t find my uploads, even if I upload jpg/txt/etc. Did something change on the box?