Hint for HELP

Did the gr***l way (username and password) if anybody wants hint or wants to discuss, feel free to pm me.

Type your comment> @Echo99 said:

Stuck on user, trying HelpDesk Way. I’m attempting to find the php shell uploaded, i’m also pretty sure that the directory in which the file will be uploaded is /st/u*/t*****s/. I’ve also red the github repo trying to figure out how files are managed, Nevertheless can’t even display on the website a previous uploaded jpg file. Any hint will be appreciated.

-Edit, Finally found the way to found uploaded files, searching now a way to RCE php. It always showing the jpg image even if code is embedded in exif

-Edit, Got user even if with some difficulties. Also got root in a very straightforward way.

Hint for user (low port):
To understand where your file will be uploaded read docs and search for
a specific hd exploit

Hint for root: Enumeration and Search are the two main words

After 2 days of user, I finally timed out and got user. Root followed shortly. Thanks to @Echo99 for a nudge.

I have been trying to get the user flag for days using the unauthenticated s**** upload. After reading through this thread and actually reading the code for the exploit I believe my clock needs to be adjusted although I don’t what to adjust it to. Anyone that has figured out how to figure out the adjustment for time please PM me so I can stop banging my head on this machine.

your clock doesn’t need to be adjusted, as several people have pointed out.

Just got root. Wow, that took a lot longer than it should have done, but at least I learnt a lot about shells.

The root isn’t quite as easy as it first appears. Think about what’s actually gone wrong.

Got root!! Thanks to @smaxxx @EXC3L I was getting invalid argument error when executing exploit, but it worked after couple of resets.

Stuck on user, so I got the credentials from the high port and logged into the lower port but I’m lost on what to do next. PM me I need help :frowning:

Got the credentials, cannot connect low port with them, any suggestions?

Got root the unintended way, This was a good box.

Pm for Hints if needed :smiley:

Think somebody change username and pass, cant login anymore…

Got root, but I am still wondering about the hints on caps lock and misspelling for privesc. Anyone wants to shed a light in PM? Thanks!

Got user. Had done a stupid mistake. People who are able to file .png/jpeg file and not php, please look at the python code you are running.
Edit: And who are not able to find .jpeg/png files uploaded, you guys also check the python code.

Can some one give a hit/help in pm I am new at node.js

Hello guys kinda stuck here!
I managed to use the exploit and find my files but I am not able to establish a connection using r******_t**.
Kinda new on this exploit tecnique, I think I am doing some small thing wrong and as much as I am trying to fix things, nothing happens.
Can I PM someone(or someone PM me) so I can solve some doubts? Thanks!

Managed to get RCE after a bit of struggling. Got creds from the higher port and did some basic enumeration to get root. Always start with the most basic and obvious things rather than looking for a complex solution right off the bat.

I have rooted the machine with public exploits but would like to do it with node js and credentials way. Can anyone please nudge me in right direction?

Would anyone be willing to give me a hint with timetravelling ? I’m confused why there’s an issue sine time() is epoch and machine is set to correct date/time…

Type your comment> @5nak3Eyes said:

I have rooted the machine with public exploits but would like to do it with node js and credentials way. Can anyone please nudge me in right direction?

I am in the same boat. The typing error in that log file seemed interesting but couldn’t get my head around it. Any tips?

Type your comment> @krypt said:

Type your comment> @5nak3Eyes said:

I have rooted the machine with public exploits but would like to do it with node js and credentials way. Can anyone please nudge me in right direction?

I am in the same boat. The typing error in that log file seemed interesting but couldn’t get my head around it. Any tips?

This one also involves a google search and working your way up from the source code.