Curling

Any hint on getting root?
Got user a long time back, but no luck with root.

So I’m basically stuck on privesc for root with the i**** file and the r***** file. I recognize the contents of the r***** file, and I also have tried running c*** on the address provided, but I can’t seem to get anywhere… Circling around this for a while now. Can someone who has already rooted the box potentially point me in the direction I should be headed in for this? Thanks!

Hardest part of this box is getting to what you need to before the damn thing gets reset. It's a race against time: get your shell in a good spot and roll from there. nc the right file back out to terminal and work it on your own box. If you can’t, no worries, reach out. Heading for root now, but can help with the special file like Bandit mentioned, but have better commands to get it quick since it's a time race for your shell to be blitzed every 20 mins lol…good luck!

@Johnny5 said:

Hardest part of this box is getting to what you need to before the damn thing gets reset. It's a race against time: get your shell in a good spot and roll from there. nc the right file back out to terminal and work it on your own box. If you can’t, no worries, reach out. Heading for root now, but can help with the special file like Bandit mentioned, but have better commands to get it quick since it's a time race for your shell to be blitzed every 20 mins lol…good luck!

Edit: Root! Aha, hint: it's all about timing too, to edit a certain file. Look in a nearby folder, run commands, see a certain thing running under root, it prints out something like a? Good, understand that and understand how to use curl to pull files. Like, think of how Kali opens by default, see the URL? That's a good hint, hopefully not too much of a spoiler. Good luck! Hit me up to help you further if need be.

Please, if anyone is reading this, try not to poison the index page of the website. There are others attempting this box as well…

Rooted. Funny and easy machine… And yes, Joomla allows you to upload a PHP shell in that simple way, also in a real scenario…

ROOT DANCE!!!

I’m stuck at privesc. I understand that I need to deal with a****-**** and the curl command, but I don’t understand which process creates them and how I grab the root.txt.

A PM with a clue or a tip will be much obliged.

Firstly, please stop nuking the index.php page… there are plenty of alternative vectors that won’t ruin it for everyone. And secondly, I’ve managed to grab the root flag using the neat little trick provided (YAY!) but I’m now stuck trying to pop a root shell. RTFM’ing for the last 12+ hours and I’ve gotten nowhere in terms of using the same tool to gain access. I’m almost out of ideas. Anyone that could nudge me a bit would be very much appreciated!

Stuck on privesc as well. I've been reading and enumerating for about 8 hours now lol. Not sure I'm any closer.

Rooted, had to do it a roundabout way, but got there in the end. No nuke required.

I found the user.txt but can't read it. I know what the contents of p*****_****P are, but I'm having trouble converting it into anything useful. If anyone could give me a hand, send me a PM plzz

Is it just me, or is anyone else stuck at the part where we have to upload a reverse connection shell?
EDIT:
NVM, completed it… Missed one sneaky ■■■■■■■…

Yes. Finally got root!

@c4m said:

Stuck on getting a shell uploaded on the Joomla admin panel. Tried editing the templates, installing a simple file uploader, but nothing seems to work. Anyone able to nudge me in the right place?

How to manage files under the CMS?

Can anyone help me … I got credentials and logged into the a***********r page. After that, what to do? I’m stuck and clueless. Any hint to move further? PM me…

I did it without getting root access or displaying the /root/root.txt file!
It’s done without moving out from the user home directory. Is that normal?
azasdf74M owned root Curling [+20 ]

Can anyone PM me how they owned user? I have got root access directly and read the flags from root. I want to know about user, as I have found one interesting file. PM me for user.

Finally got root.txt. Was anyone able to actually get root login? I just went after the obvious and learned new… uhh… options for curling in 2019.

Need help regarding root.txt. I was able to get the user.txt.