Hint for HELP

Is the machine's timezone important? Also, I can't even find JPG files when I upload them. Help will be appreciated.

Sorry if spoiler but apparently people have been using this video as a hint: Leon Shows Larry How to Deal w/ Bullies | Curb Your Enthusiasm (2017) | HBO - YouTube

I mean, WTF is going on with this machine? Constant resets, people changing the password. Have some ■■■■■■■■ class or integrity.

It seems that people are changing settings on this box after they get in. Things that worked up to a point yesterday don’t work today. For instance P*P shells would upload yesterday and today they are not allowed.

Ugh. I can’t seem to execute malicious code in the ticketing system…

Hi everyone. I like this box. Congrats to the creator. Some guidance for anyone doing it now:
Do your enumeration.
Think logically; Google an exploit for the app.
Read the exploit! What is it talking about, what file? Get the file from GitHub; what else can you learn?
I did not even need to modify the exploit in order for it to work. I'm in the UK (wonder why that's important??? ;)).
For root, go back to basics as mentioned before!

Got a password. Need a username. Tried every possible, logical combo. Can't log in. Any idea on possible usernames?
Edit: found it. Just use what you've got.

Found creds. I'm getting bunk results on a SQLi once authenticated. Pulling my hair out. Can anyone PM me some nudges?

I'm apparently dumbfounded by the upload bypass too. The GitHub code looks easily bypassable, but I'm failing miserably.

Someone PM me and I'll +rep you.

@ChiefCoolArrow said:
Found creds. I'm getting bunk results on a SQLi once authenticated. Pulling my hair out. Can anyone PM me some nudges?

I'm apparently dumbfounded by the upload bypass too. The GitHub code looks easily bypassable, but I'm failing miserably.

Someone PM me and I'll +rep you.

At one point yesterday it was straightforward to upload shells, and today it doesn't work. I don't know what happened.

I just found three ports, the webapp dir, and I know the script. I tried uploading shell.php.jpg, and it doesn't work (I did find the correct URL with the script). I don't know how to use it, and I didn't find the SQLi. Anyone PM me, hit me up please…

Finally got root on the box. It was honestly a fun box. I learned a lot. There are a couple of trivial parts you need to tackle for the initial foothold (USER).

USER: There are two different ways. I went with the unauthenticated way. I also got the user creds for the authenticated way but didn't try it yet. As I mentioned before, you need to solve the trivial parts in order to get a successful RCE. :)

ROOT: As mentioned by many people, stick to the basics. Most famous ones are not always your friend :-]

For the USER part I got some help from the forum; please PM me if you need some help.

Enjoy!

Finally got root after 2 days stuck. This machine reminded me not to overthink ^^

@d4z3c said:
Finally rooted! Thanks @Golgo for your hints and @cymtrick for the box. User was frustrating…

Good work!

Read the source code. It's lame as ■■■■. I don't even know why the software bothers to put out an error message. The alternative method is kinda cool. Let's just say that it competes with the motionless architecture, and a social media giant (starts with F) started it first.

Ahhh… wow, I made this much harder than it should have been… PM me if you are stuck.

Hints:
User: I went unauthenticated… just make sure you read the usage and sample usage of things…

Root: Really don’t assume things… don’t think wow that’s recent there’s no way…

Newb here!

So I'm going the easy way, and I'm at the part where I'm running a script. I believe I have the right command, but it can't seem to find the file I uploaded.

After reading through the hints, it has something to do with time. I changed my box's time to the same as the Help box, still no luck. I think I have to adjust something in the script's code, but I'm unsure how.

If someone could point me in the right direction and give me a nudge, that would be gr8.
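An added illustration of the clock problem several posts above circle around (it is not the box's code, nor the exploit script's, and it is posted here as an example rather than by any of the participants). The naming scheme it uses, md5(original filename + server epoch seconds), the `FakeServer` stand-in and the `demo()` helper are all hypothetical assumptions chosen only to show the mechanism: when a script has to guess a server-generated upload name from "now", any shift between the script's idea of the time and the server's (a clock skew, or a local wall-clock time fed to a UTC conversion) moves the probe window off the real name. A user whose local zone is UTC+0 would not notice the second mistake at all.

```python
"""Added illustration, not code from the box or the exploit script being
discussed: why the attacker's clock, and how a script turns local time into
an epoch, matters when an exploit has to guess a server-generated upload name.

HYPOTHETICAL naming scheme, assumed only for this example: the server stores
an upload as md5(original_filename + server_epoch_seconds). A script then
probes candidate names around the moment of upload; if its notion of "now"
is shifted relative to the server's, the window is centred in the wrong place.
"""
import calendar
import hashlib
import time
from typing import Callable, Iterator, Optional, Tuple


def derive_name(original: str, epoch: int) -> str:
    """Hypothetical server-side rename: md5(filename + epoch seconds)."""
    return hashlib.md5(f"{original}{epoch}".encode()).hexdigest()


def candidate_epochs(center: int, window: int) -> Iterator[int]:
    """Epoch seconds from `center` outward, nearest first, within +/- window."""
    yield center
    for delta in range(1, window + 1):
        yield center - delta
        yield center + delta


def find_upload(original: str, local_epoch: int, exists: Callable[[str], bool],
                window: int = 60, correction: int = 0) -> Optional[Tuple[str, int]]:
    """Probe candidate names; `correction` shifts the window onto the server clock."""
    for epoch in candidate_epochs(local_epoch + correction, window):
        name = derive_name(original, epoch)
        if exists(name):
            return name, epoch
    return None


def naive_local_as_utc(true_epoch: int, utc_offset_seconds: int) -> int:
    """Reproduce a common scripting mistake: take the local wall clock and feed
    it to timegm() as if it were UTC. The result is off by the UTC offset, so a
    user in a UTC+0 zone never notices."""
    wall_clock = time.gmtime(true_epoch + utc_offset_seconds)  # simulated localtime()
    return calendar.timegm(wall_clock)


class FakeServer:
    """Constructed stand-in for the target; its clock may differ from ours."""

    def __init__(self, clock_skew_seconds: int = 0) -> None:
        self.skew = clock_skew_seconds
        self.files: set = set()

    def upload(self, original: str, attacker_epoch: int) -> str:
        name = derive_name(original, attacker_epoch + self.skew)
        self.files.add(name)
        return name

    def exists(self, name: str) -> bool:
        return name in self.files


def demo(server_skew: int, script_offset_error: int, correction: int = 0,
         window: int = 60) -> Optional[Tuple[str, int]]:
    """Upload at a fixed (constructed) instant, then search as the script would."""
    t = 1_700_000_000
    server = FakeServer(server_skew)
    server.upload("shell.php", t)
    script_now = t + script_offset_error  # what the script believes "now" is
    return find_upload("shell.php", script_now, server.exists, window, correction)


if __name__ == "__main__":
    print("clocks agree:         ", demo(0, 0))
    print("script 1h off, no fix:", demo(0, 3600))
    print("script 1h off, fixed: ", demo(0, 3600, correction=-3600))
    print("naive local-as-UTC error at UTC+2:",
          naive_local_as_utc(1_700_000_000, 7200) - 1_700_000_000)
```

The practical check this suggests: before widening a search window, compare the server's clock (an HTTP `Date` response header is usually enough) against the epoch your script is actually computing, and feed the difference in as a correction rather than changing your own system time.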

Hey guys, can you help me with unauth shell access? I tried, but I still couldn't get the shell.

Hello guys, can someone please help me on this machine… I'm stuck… thanks in advance :) <3

As some others have said, I'm running into restrictions on file types here. I've looked at using null chars and multiple file extensions, and checked through the code that's doing the validating, but no luck.

Is there a technique you're using to upload a certain file type? Or was it just allowed on the box when you tried it?

Rooted it. Hint for root: if you're done with most VulnHub machines, you can root this easily. Hahahaha

■■■■, I spent too much time banging my head against the wall over some stupid mistakes. I went the easy (unauthenticated) route, since I couldn't figure out the high-port endpoint, and after reading the code I'm not sure how I was supposed to discover that other than by a wild guess.

Hint for user: go read the code. Seriously, pay close attention to it; don't trust the exploit documentation over what you're seeing, but the exploit code is correct.

Hint for root: I hate typing in the wrong window almost as much as I hate Caps lock.