Hint for HELP

I would appreciate some help for user. Do I have to find the credentials first, or is there a way without getting them?

Anyone who is willing to shed some light on how to proceed after getting the creds and logging into the website. Thanks!

Got user and root from the lower port. Can anyone PM me some hint on how to start with the higher port? As in what to look at, tools to manipulate?

Hi, I need help from the initial shell… Should I bypass the filter?

After 2 days, finally rooted. The machine was so easy but hard to exploit the first time. Enumeration is your weapon. Sometimes you need to simulate the exploit on your local machine first and also read the application source code; it will be a great help.

Can someone PM me for hints? I have figured out the time, and I set my system time to it so that I don’t have to alter the script that I found, but when I run the script it just hangs, and I think that I am having issues uploading my shell.

I would like to get some hints for getting the link for the file I uploaded. I noted in the source code that the new file name will include a time element. I am not sure whether the time zone matters, as the function in PHP and the exploit code (pyth**) seem to generate a similar value that is not affected by the time zone.

Thank you so much for your help and have a nice day!

EDIT: Finally got user and now working on root.

PM me if you need help with the higher port. I have access to a shell using RCE but am struggling with enumeration, looking for the user password. Any hint with that?

Hey guys, I’m Shin and I really need help regarding this machine.
My problem is that I can’t access my shell even though I found the right directory, but it kept redirecting me to the index without the connection of my shell. Is this supposed to happen?
I’m doing this without the creds.

User:
Using the HxxxDxxxZ application vuln, you can get user access.
For the exploit, the path should be the path to the upload folder and not to HxxxDxxxZ’s root folder as mentioned in the exploit.
The exploit is independent of your time zone, as it uses a timestamp (time in seconds since the epoch as a floating point number).
Root:
Very simple.

Any hint for second port (the higher one)?

For all those who need help with the high road, I took it.

  1. Figure out what the high port is doing and how it interacts with the server. Google is your friend here. It is partly a diagram showing the relation between variable quantities.

  2. If you did step 1 right you don’t need to guess anything, just log in and enumerate. Play with what you can do and google vulns. Get a copy of the source like others have suggested and keep it handy.

  3. Figure it out? B**** -****** is a pain to do by hand. I strongly suggest you script this yourself. If you do, it will come in handy later.

  4. Got the creds but can’t figure out what to do with them? Well you haven’t enumerated enough and you have tunnel vision. There isn’t always just one way in. Still can’t find it? Well you can always try it before you buy it.

  5. So you figured it out and logged in. Enumerate. Look at what you can change. This will seem trivial if you know about the quick and easy exploit but do it anyway. It should be obvious what to do now.

  6. Didn’t luck out with finding the dir? Can’t find your file? Look at the source you kept handy from step 1 for clues. Now, you have probably read the quick exploit already and know what happens. Well forget all that traveling to London nonsense! Go back to step 3.

  7. Now root it. Keep it simple like when you were first learning.

Best of luck. PM me if you need help.

@Shin said:

Hey guys, I’m Shin and I really need help regarding this machine.
My problem is that I can’t access my shell even though I found the right directory, but it kept redirecting me to the index without the connection of my shell. Is this supposed to happen?
I’m doing this without the creds.

Try to run the exploit right after doing the upload, do it fast.

Just rooted this machine, but in a not quite “simple” way. From the posts I noticed everyone else did it with some basic knowledge. Did I miss something?

Can anyone PM me the common way to do it?

Pretty straightforward box, popped quite easily doing the proper enumeration, although I got a bit frustrated that my initial foothold exploit wasn’t working until I read what it was trying to do. Then root first go 5 mins later. Didn’t bother with the higher port stuff. Wasn’t necessary.

I tried to upload a webshell to the web application (I knew the path, bypassed the extension check). I once successfully uploaded the webshell. However, I can’t upload it again. I changed my computer’s time zone to London. However, it doesn’t work, I can’t find the path of the web shell again. Please help me.

Finally I have beaten this challenge. My Hints:

  • User Flag is very tricky. You have to read the exploit very well and understand how the file upload works… Without reading the previous posts, for me it was impossible… When you run the exploit you have to set the upload path and not the root path of the app as the exploit says.

  • Root Flag is veeeeeery easy. You don’t need any enumeration. Only system info is enough. Basic concepts of post-exploitation…

Can someone PM me about the high port way? I see the service but I don’t understand what you can do with it.

Hey, stuck on this box. Trying both HTTP services exposed but getting nowhere. Anyone able to give me a nudge via PM?

Holy ■■■■ I actually got user.
Unexpected, also somewhat annoying because I spent so long trying to evade the filter.

Can’t get it to work. Did the time, got the right path, still found nothing.
Or I get a cross site error. Pls help.

OK, it was a syntax error. Got in a low lv shell.