Curling

Is it just me or is anyone else stuck at the part where we have to upload reverse connection shell?
EDIT:
NVM completed it… Missed one sneaky ■■■■■■■…

Yes. Finally got root!

Type your comment> @c4m said:

Stuck on getting a shell uploaded on the joomla admin panel, tried editing the templates, installing a simple file uploader but nothing seems to work, anyone able to nudge me in the right place?

how to manage files under cms?

can any one help me … i got credentials logged into a***********r page after that what to do i’m stuck and clueless any hint to move further. PM me…

I did it without getting root access or displaying /root/root.txt file !
it’s done without moving out from the user home directory. is that normal !
azasdf74M owned root Curling [+20 ]

Can anyone PM me how they Owend user as i have got root access directly. and read the flags from root. i want to know about user . as i have found one interesting file. PM pe for user .

Finally got root.txt. Was anyone able to actually get root login? I just went after the obvious and learned new… uhh… options for curling in 2019.

need help regarding on root.txt i was able to get the user.txt.

Does anyone know why I kept getting “SMB shares are not supported in file” error when I execute the c*** command to get root?

okie nvm got it i was dumb it was syntax error

stuck on the root.txt i can’t find it. also that i don’t have privlage on the root folder.

.

got user and root with a lot of help from @amzker and this forum… for those stuck with Pb file → identify the file type, run transform, identify file, run commands that must be run on the filetype, identify file… repeat … let the file lead you

i was stuck inside the usr shell for quite some time with no idea how to sneak out or privesc. again help from everywhere

stuck at user shell → find interesting dirs, observe file behavior. thanks for the box and all the help… not a pro hence lot of learning on this one :slight_smile:

cheers…

happy to be of help …

found secret.txt what does that meant?

@PHunHouse said:
Got the s****.t** ; not sure where to use this after decoding.

I’m also on the same stage. Not getting username. Tried every combination of written by and all.

Plz PM hint

DM me if you need help.

Type your comment> @ivanlirezn said:

found secret.txt what does that meant?
usually when you want secret to be safe you cipher or encode it

@junzwtf said:
stuck on the root.txt i can’t find it. also that i don’t have privlage on the root folder.
just look around. the answer is right in front of you inside user’s directory. you can also check out processes and who run them.

Type your comment> @ivanlirezn said:

found secret.txt what does that meant?

if you decode the secret … it may let you enter …

EDIT: Made it to user, but now stuck on root ;x