Curling

R00t3d but no shell, can someone help me on this part? I also wonder if I used the right thing to read the flag.

Managed to log into console. To gain shell, is it a case of uploading one, or am I overlooking something else that can be used to connect? Not overly familiar with Joomla. A PM with a nudge in the right direction would be most appreciated.

Never mind, got there in the end, have user.txt, now for root :slight_smile:

Hey guys, got the user.txt, working on root but found nothing useful. Tried some traditional privesc but nothing worked. Any hints would be useful. Please PM me for any hints. Any kind of help will be appreciated.

Hi guys, new to all of this, done one other machine before this, “ACCESS”. I’m curious, I scanned the ports and services, so I know what ports are open etc. and what types of services are running behind. Noticed something about joo*** so I went on the website and was told to analyse the p**, looked at that and have noticed the user that was editing it all. But where do I go from here? I know nothing about PHP. If anyone also has any material that would help to learn all of this stuff I would greatly appreciate it even more. Thanks guys, great community :smiley:

I wouldn’t say you have to learn PHP to gain access to this box, although it really will help you in the future. I’d suggest studying up a bit on it.

In the meantime you are definitely on the right track, I would continue to use Google like you used your ■■■■ sock back in the day. Umm, is that weird? No, right? Just keep going, you’re almost there. Google more for PHP exploits on Joomla (version), look for previous vulnerabilities that have been used, search for any way into this machine. If you have any further questions, PM me with the steps you’ve taken.

@Treelovah said:
I wouldn’t say you have to learn PHP to gain access to this box, although it really will help you in the future. I’d suggest studying up a bit on it.

In the meantime you are definitely on the right track, I would continue to use Google like you used your ■■■■ sock back in the day. Umm, is that weird? No, right? Just keep going, you’re almost there. Google more for PHP exploits on Joomla (version), look for previous vulnerabilities that have been used, search for any way into this machine. If you have any further questions, PM me with the steps you’ve taken.

What a helpful dude, thank you so much, I will do just that.

Looking at the source code guys, my brain is working overtime. What should I be looking for? Am I looking for credentials? Am I supposed to script something? Should I be trying to inject something? Ideally, I know Joomla has a back admin page, should I be trying to access this? I literally still have no clue.

EDIT: Something just sparked, the user that created this, if I create a reverse shell on the site via PHP would this work, is this the logic?

@shredz said:
EDIT: Something just sparked, the user that created this, if I create a reverse shell on the site via PHP would this work, is this the logic?

I think that is a good thought process. I would encourage you to run down that rabbit hole.

@shredz said:
Looking at the source code guys, my brain is working overtime. What should I be looking for? Am I looking for credentials? Am I supposed to script something? Should I be trying to inject something? Ideally, I know Joomla has a back admin page, should I be trying to access this? I literally still have no clue.

Hey. In the Firefox browser, right-click on a page and click “View Page Source”. Look for anything that looks like it is out of place; once you see it you will know.

I’ve been trying to log into the webpage. I found s*****.txt but I don’t know how to crack it. I’m pretty sure I know the username.

Finally rooted it. Hit me up if you need hints.

@blu3r4d0n said:
I’ve been trying to log into the webpage. I found s*****.txt but I don’t know how to crack it. I’m pretty sure I know the username.

Do you need to crack it? Maybe you need to decode it?

No clue on how to decipher p***_b**** or how to know what format the file is. I have tried xxd and file and I’m getting nothing useful.

Been working on getting root.txt for a few days now and am 95% certain that the path I’m on is correct. I’ve read through the forum, studied the man pages of that command, understand how the files in that folder are being manipulated, and conducted successful tests with my method on two other boxes. Just not working on this one. Can I get a nudge via PM?

I got a shell by accident, I changed a t****** and the user is w**-**** but no idea where to go from here.

EDIT: AHHHH I got it

Alright, having trouble decoding whatever is in that file, pretty sure it’s a h*******. I already tried x** -*

@blu3r4d0n said:
Alright, having trouble decoding whatever is in that file, pretty sure it’s a h*******. I already tried x** -*

There are several layers here. This hint helped me:

@td00k said:
For the ones that are stuck on that crazy b***up file, I recommend taking a look at OverTheWire – Bandit, level 12. Hope that isn’t too much of a spoiler :slight_smile:

Alright - so I’ve been scratching my brain on how to get root.txt for a few days now. I’m aware of the service and the nearby folder, but I’m lost at how to leverage them effectively for root.

If anyone’s finished that part and is willing to hear what I’m trying to do and provide a nudge, I’d greatly appreciate it. This is my third box and sometimes I think it comes down to not knowing what I don’t know.

Please DM me if you’re able to help. Thanks.

EDIT: Got root. Thanks @Spiderixius for the helpful hint.