I managed to get a shell uploaded and ran nc to get my shell back, but after uploading it, nothing happens. Have I done something wrong? I know my code needs executed in order to return a shell, but I’m not sure how to get this back… Could anyone who has already rooted provide me with a nudge?
Edit: Stuck on the final stage now… Can’t seem to get this i**** file to do what I want… any hints on this?
So I’m basically stuck on privesc for root with the i**** file and the r***** file. I recognize the contents of the r***** file, and I also have tried running c*** on the address provided, but I can’t seem to get anywhere… Circling around this for a while now. Can someone who has already rooted the box potentially point me in the direction I should be headed in for this? Thanks!
Hardest parts of this box is getting to what you need to before the dam thing gets reset its a race against time get your shell in a good spot and roll from there. nc the right file back out to terminal and work it on your own box. If you can’t no worries reach out heading for root now but can help with the special file like Bandit mentioned but have better commands to get it quick since its a time race for your shell to be blitzed every 20 mins lol…good luck!
Hardest parts of this box is getting to what you need to before the dam thing gets reset its a race against time get your shell in a good spot and roll from there. nc the right file back out to terminal and work it on your own box. If you can’t no worries reach out heading for root now but can help with the special file like Bandit mentioned but have better commands to get it quick since its a time race for your shell to be blitzed every 20 mins lol…good luck!
edit: Root! aha hint its all about timing too to edit a certain file look in a nearby folder run commands see a certain thing running under root its prints out something like a? good understand that and understand how to use curl to pull files like think of how kali opens by default see the url? thats a good hint hopefully not to much of a spoiler good luck! hit me up help you further if need be,
I’m stuck at privesc, I understand that I need to deal with a****-**** and curl command but I don’t understand which process creates them and how do I grab the root.txt.
Firstly, please stop nuking the index.php page… there are plenty of alternative vectors that won’t ruin it for everyone. And secondly, I’ve managed to grab the root flag using the neat little trick provided (YAY!) but I’m now stuck trying to pop a root shell. RTFM’ing for the last 12+ hours and I’ve gotten no where in terms of using the same tool to gain access. I’m almost out ideas. Anyone that could nudge me a bit would be very much appreciated!
I found the user.txt but cant read it, I know what the contents of p*****_****P are but im having trouble converting it into anything usefull. If anyone could give me a hand send me a PM plzz