Hint for HELP

Alright so i got user creds to login to webapp. I see that peope are uploading a couple of diff files, and what i’ve gathered from this thread is there are scripts you can modify and upload to get a shell. Would someone be willing to PM me and go into detail what this entails so that I can learn what to do exactly? Thanks.

Okay. Sometimes, you feel like a nut, sometimes you dont ?

Just started on this. … [bunch of whiney stuff deleted] … got the shiv but getting nowhere … [more blah blah deleted] …

edit: thank you @h00ligan . I don’t know how I would have ever discovered the “server” without the tip – it showed up in exactly 0 of my scans and not in any of my web headers. Not that I’m complaining about the box at all – I see that there is a subtle hint in the message to shiv that more googling would have turned up. A more experienced pentester would probably have recognized it pretty quickly. And in the real world, well, when I don’t know something I go find my experts :slight_smile:

anyone help me ?

Nice box, user was really fun in my opinion. Root was very easy you just have to enumerate and put the pieces together.

Small tip for user:
Read the sources and gain an understanding how the upload process works.

rooted … nice box

anyone to give me a direction on xxxx port and the corresponding technology
thank you

the kernel exploit has been patched? It doesn’t work for me anymore?

whenever i tried to open http://Help-IP/u*****s/t*****s in browser i am getting apache2 default page is this an intended behaviour…really struggling to get RCE…any hint would be welcome

can anyone verify whether it still works or just me being dumb

Be aware of the place where the file will be uploaded :).

Just a quick shoutout to KryptSec for helping me out with multiple machines amazing guys @Treelovah

for the upload: don’t trust the error. Not sure that knowing the log in credentials gives any advantage, though. In my experience it doesn’t.

got root finally, can anyone PM me about N***.J* foothold? I stepped in with other way.

Anyone else having issues with finding your uploads? Even upping the range to 3k in the script, no dice. Even tried replying w/ admin. Every ■■■■ time i turn around timing of everything is changing. Help ??

@headRx said:
Anyone else having issues with finding your uploads? Even upping the range to 3k in the script, no dice. Even tried replying w/ admin. Every ■■■■ time i turn around timing of everything is changing. Help ??

if you know the correct path you will find it (assuming the time is correct)

For an “Easy” machine this is not easy at all…

when upload php shell, the site info : file is not allow, if my file is upload success? and the correct shell url is: site/sp/u/t****/.php? right?

edit:ok i got shell… is right

Yeeeees at least!! Pwned the box.

Please let me know if you need some hint, i’ll try to help you.

@Warlord711 said:
Are there any changes in the last hours ? I managed to upload and run a shell on this twice but after a reset, nothing seems to work. I already got user but while trying root i found that someone caused havok on the system.

I can find and call .jpg and i was able to upload .php too but stopped to work.

can u give a hint regarding location of jpg or php ?
/st/u*/t*****s/ don’t know what to patse after the last folder?