HackBack

Alright, I have had user shell for a bit, but not seeing any way to system. Anyone out there can drop a hint or suggestion? That would be great!

I need a bit of help to find the secret road to the destination

Can anyone PM me for a nudge?

Hey guys, kinda stuck. Can someone PM me? Really can’t find the obfuscated JS on high port

Hello, I’m stuck on deobfuscating a JavaScript file. I tried pretty much everything I know (beautifiers, unpackers, manual debugging in Chrome Developer Tools), but I couldn’t extract any valid information. Could someone point me to the right tools/techniques?

OK, solved it with some help. Now I am stuck on w*******.***. I keep getting bounced. What gives?

Got RCE. Incredibly difficult to plant a shell.

This box does a great job at hiding things in plain sight alright… found the service which hints at different websites and the hidden/obfuscated JS, got it deobfuscated and found the hidden folder it mentions.
Any hint at how to use that hidden folder? Tried various things with the arguments mentioned in the deobfuscated JS to no avail.
What am I missing?

EDIT: got shell as a low priv user… ■■■■ this box has layers on top of layers…

Also got shell as low-priv user, have found a few things but can’t seem to figure out the next step to privesc up… Am I missing something obvious? I’ve combed the FS and tried several things but nothing has gotten me any farther than I am now. A hint would be glorious, I’ve been banging my head against this box for a while now xD

@foobarto said:

This box does a great job at hiding things in plain sight alright… found the service which hints at different websites and the hidden/obfuscated JS, got it deobfuscated and found the hidden folder it mentions.
Any hint at how to use that hidden folder? Tried various things with the arguments mentioned in the deobfuscated JS to no avail.
What am I missing?

EDIT: got shell as a low priv user… ■■■■ this box has layers on top of layers…

I’m in the exact same position. Managed to figure out what the hidden folder was for, however, can’t seem to get the arguments right. Could anyone point me in the right direction?

It’s very hard to plant a shell/find RCE in this box. Any hints would be really helpful

Did anyone figure out a way to get a root shell?

I got trolled badly by this one.

Managed to be a low privileged user on this box. Anyone willing to share ideas how we can move to h*****?

Could anyone give me a clue on how I can execute commands from the web*****.***? lol…

I can upload a file with that extension to the current folder… ok.

I filled this file with the common functions when we want to obtain an RCE using this extension… ok.

But the commands simply don’t work D:

Ok. Got a low level access.

What a hard box :slight_smile:

Rooted! :slight_smile:

Thanks @decoder and yuntao for it!

Edit: For those who are sending me PMs, I can help, really. But please: Tell me what you’ve done, what you’ve tried … Give me a bit xD

This box is so complex that it is not possible for me to give any hint to followers.
Only the best wishes!

@plonk said:

Found the h*** command on port **** that lists the h****,p***,w*****,l***,i***,s*******,n*****,i****** commands and looked at each of those - didn’t find any obfuscated js. Am I looking at the wrong high port service?

Found go***** in there, but not sure how to interact with it.

Can anyone suggest a tool that can be used to interact properly with this service generally? Or is there some strategy at guessing what it wants? Would appreciate the help - either on here or in PM.