Hint for HELP

rooted … nice box

anyone to give me a direction on xxxx port and the corresponding technology
thank you

the kernel exploit has been patched? It doesn’t work for me anymore?

whenever i tried to open http://Help-IP/u*****s/t*****s in browser i am getting apache2 default page is this an intended behaviour…really struggling to get RCE…any hint would be welcome

can anyone verify whether it still works or just me being dumb

Be aware of the place where the file will be uploaded :).

Just a quick shoutout to KryptSec for helping me out with multiple machines amazing guys @Treelovah

for the upload: don’t trust the error. Not sure that knowing the log in credentials gives any advantage, though. In my experience it doesn’t.

got root finally, can anyone PM me about N***.J* foothold? I stepped in with other way.

Anyone else having issues with finding your uploads? Even upping the range to 3k in the script, no dice. Even tried replying w/ admin. Every ■■■■ time i turn around timing of everything is changing. Help ??

@headRx said:
Anyone else having issues with finding your uploads? Even upping the range to 3k in the script, no dice. Even tried replying w/ admin. Every ■■■■ time i turn around timing of everything is changing. Help ??

if you know the correct path you will find it (assuming the time is correct)

For an “Easy” machine this is not easy at all…

when upload php shell, the site info : file is not allow, if my file is upload success? and the correct shell url is: site/sp/u/t****/.php? right?

edit:ok i got shell… is right

Yeeeees at least!! Pwned the box.

Please let me know if you need some hint, i’ll try to help you.

@Warlord711 said:
Are there any changes in the last hours ? I managed to upload and run a shell on this twice but after a reset, nothing seems to work. I already got user but while trying root i found that someone caused havok on the system.

I can find and call .jpg and i was able to upload .php too but stopped to work.

can u give a hint regarding location of jpg or php ?
/st/u*/t*****s/ don’t know what to patse after the last folder?

@GreysMatter thanks for the last piece of advice. An easy machine to overthink. I did it. Ran 3 different exploits for Priv Esc. The way to user gives requires you to do fixing and running. Everything comes to you if you are patient and persistent enough.

can u access the page on port 80??
someone just screwed the box

@kamilonurz said:
got root finally, can anyone PM me about N***.J* foothold? I stepped in with other way.

I’m asking for the same since last week but no one so far :slight_smile:

hey, someone can help me plz pm? xdxd

I’ve learned that whenever you encounter an app, see if you can find the source and mine it for file locations, sqli possibilities, passwords etc etc. Several boxes here are like that as well as in pwk, iirc. Also our pentesters at work routinely find stuff this way.

Also READ your exploits. The user one didn’t require any modification but you needed to read and follow the directions.

Root was a 30 sec affair… once I updated my searchsploit!!!

10/10 box. Multiple ways in, great reinforcement of solid hacker workflow. Even one or two tiny little teases, and some creds sprinkled around.