Curling

ROOTED !!

PM for hints

Hi,

I am trying to get the user. i did nm** and found 2 ports open. on h***, i found some hash words in s*****.t** but i am not sure what to do with this h*** word…
Am I on the right track?

Pardon me for the noob question. this is my second box. Thanks.

I managed to get a shell uploaded and ran nc to get my shell back, but after uploading it, nothing happens. Have I done something wrong? I know my code needs executed in order to return a shell, but I’m not sure how to get this back… Could anyone who has already rooted provide me with a nudge?

Edit: Stuck on the final stage now… Can’t seem to get this i**** file to do what I want… any hints on this?

I got the shell but of webuser. weird backup i cant make it readable! and looks like that’s the way forward.

Finally rooted this machine, it was a tricky one tho. Fun it is … PM for Hints…

ppl asking basic questions:

Use it! Use it wisely!

Finally rooted!
Can someone pm me on how to gain root shell?

Also, pm for hints

Yahoo, rooted! That’s my first machine.
I’ve got the user hash and the root hash, but I didn’t find out root password. That’s normal?

Type your comment> @ubushan said:

Yahoo, rooted! That’s my first machine.
I’ve got the user hash and the root hash, but I didn’t find out root password. That’s normal?

You don’t need the password. You just do a privilege escalation and gain root (id:0) with it.
Or spawn a privileged shell.

any hint on gettig root?
got user a long back but no luck with root

So I’m basically stuck on privesc for root with the i**** file and the r***** file. I recognize the contents of the r***** file, and I also have tried running c*** on the address provided, but I can’t seem to get anywhere… Circling around this for a while now. Can someone who has already rooted the box potentially point me in the direction I should be headed in for this? Thanks!

Hardest parts of this box is getting to what you need to before the dam thing gets reset its a race against time get your shell in a good spot and roll from there. nc the right file back out to terminal and work it on your own box. If you can’t no worries reach out heading for root now but can help with the special file like Bandit mentioned but have better commands to get it quick since its a time race for your shell to be blitzed every 20 mins lol…good luck!

Type your comment> @Johnny5 said:

Hardest parts of this box is getting to what you need to before the dam thing gets reset its a race against time get your shell in a good spot and roll from there. nc the right file back out to terminal and work it on your own box. If you can’t no worries reach out heading for root now but can help with the special file like Bandit mentioned but have better commands to get it quick since its a time race for your shell to be blitzed every 20 mins lol…good luck!

edit: Root! aha hint its all about timing too to edit a certain file look in a nearby folder run commands see a certain thing running under root its prints out something like a? good understand that and understand how to use curl to pull files like think of how kali opens by default see the url? thats a good hint hopefully not to much of a spoiler good luck! hit me up help you further if need be,

Please if anyone is reading this. Try not poison the index page of the website. There are others attempting this box as well…

Rooted. Funny and easy machine… And yes, Joomla allows to upload a php shell in that simple way also in a real scenario…

ROOT DANCE!!!

I’m stuck at privesc, I understand that I need to deal with a****-**** and curl command but I don’t understand which process creates them and how do I grab the root.txt.

a PM with a clue or a tip will be much obliged.

Firstly, please stop nuking the index.php page… there are plenty of alternative vectors that won’t ruin it for everyone. And secondly, I’ve managed to grab the root flag using the neat little trick provided (YAY!) but I’m now stuck trying to pop a root shell. RTFM’ing for the last 12+ hours and I’ve gotten no where in terms of using the same tool to gain access. I’m almost out ideas. Anyone that could nudge me a bit would be very much appreciated!

Stuck on priv esc as well. Ive been reading and enumerating for about 8 hours now lol. Not sure im any closer.

Rooted, had to do a round about way, but got there in the end. No nuke required.