Hint for HELP

Got the user, stuck on root. I read the files and found the thing. But now what do I do with it?! Can’t sudo or su in the reverse shell…

Rooted! Thank you @Echo99 for the help!

Rooted, loved the box. Did the gr***l (user and password) way. If anybody wants help or to discuss how I did it, feel free to PM.
Shout out to the people who helped me, thanks guys <3

Did the gr***l way (username and password). If anybody wants a hint or wants to discuss, feel free to PM me.


Stuck on user, trying the HelpDesk way. I’m attempting to find the php shell I uploaded, and I’m also pretty sure that the directory in which the file will be uploaded is /st/u*/t*****s/. I’ve also read the github repo trying to figure out how files are managed. Nevertheless, I can’t even display a previously uploaded jpg file on the website. Any hint will be appreciated.

-Edit, Finally found the way to find uploaded files, now searching for a way to RCE php. It is always showing the jpg image even if code is embedded in exif.

-Edit, Got user, even if with some difficulties. Also got root in a very straightforward way.

Hint for user (low port):
To understand where your file will be uploaded, read the docs and search for a specific hd exploit.

Hint for root: Enumeration and Search are the two main words

After 2 days of user, I finally timed out and got user. Root followed shortly. Thanks to @Echo99 for a nudge.

I have been trying to get the user flag for days using the unauthenticated s**** upload. After reading through this thread and actually reading the code for the exploit, I believe my clock needs to be adjusted, although I don’t know what to adjust it to. Anyone that has figured out how to figure out the adjustment for time, please PM me so I can stop banging my head on this machine.

Your clock doesn’t need to be adjusted, as several people have pointed out.

Just got root. Wow, that took a lot longer than it should have done, but at least I learnt a lot about shells.

The root isn’t quite as easy as it first appears. Think about what’s actually gone wrong.

Got root!! Thanks to @smaxxx @EXC3L. I was getting an invalid argument error when executing the exploit, but it worked after a couple of resets.

Stuck on user. I got the credentials from the high port and logged into the lower port, but I’m lost on what to do next. PM me, I need help :frowning:

Got the credentials, cannot connect to the low port with them, any suggestions?

Got root the unintended way. This was a good box.

PM for hints if needed :smiley:

Think somebody changed the username and pass, can’t log in anymore…

Got root, but I am still wondering about the hints on caps lock and misspelling for privesc. Anyone want to shed some light in PM? Thanks!

Got user. Had done a stupid mistake. People who are able to file .png/jpeg file and not php, please look at the python code you are running.
Edit: And those who are not able to find the uploaded .jpeg/png files, you guys also check the python code.

Can someone give a hint/help in PM? I am new at node.js.

Hello guys, kinda stuck here!
I managed to use the exploit and find my files, but I am not able to establish a connection using r******_t**.
Kinda new to this exploit technique. I think I am doing some small thing wrong, and as much as I am trying to fix things, nothing happens.
Can I PM someone (or someone PM me) so I can solve some doubts? Thanks!

Managed to get RCE after a bit of struggling. Got creds from the higher port and did some basic enumeration to get root. Always start with the most basic and obvious things rather than looking for a complex solution right off the bat.

I have rooted the machine with public exploits but would like to do it the node js and credentials way. Can anyone please nudge me in the right direction?