Curling

okie nvm got it i was dumb it was syntax error

stuck on the root.txt i can’t find it. also that i don’t have privlage on the root folder.

.

got user and root with a lot of help from @amzker and this forum… for those stuck with Pb file → identify the file type, run transform, identify file, run commands that must be run on the filetype, identify file… repeat … let the file lead you

i was stuck inside the usr shell for quite some time with no idea how to sneak out or privesc. again help from everywhere

stuck at user shell → find interesting dirs, observe file behavior. thanks for the box and all the help… not a pro hence lot of learning on this one :slight_smile:

cheers…

happy to be of help …

found secret.txt what does that meant?

@PHunHouse said:
Got the s****.t** ; not sure where to use this after decoding.

I’m also on the same stage. Not getting username. Tried every combination of written by and all.

Plz PM hint

DM me if you need help.

Type your comment> @ivanlirezn said:

found secret.txt what does that meant?
usually when you want secret to be safe you cipher or encode it

@junzwtf said:
stuck on the root.txt i can’t find it. also that i don’t have privlage on the root folder.
just look around. the answer is right in front of you inside user’s directory. you can also check out processes and who run them.

Type your comment> @ivanlirezn said:

found secret.txt what does that meant?

if you decode the secret … it may let you enter …

EDIT: Made it to user, but now stuck on root ;x

Rooted…
Big shoutout to you guyss @elidev @Johnny5
…pm me for hints…

got root…
you login, upload shell, make some edit then you got root.

Please PM if you need hints… :smiley:

Hey all - noob here. I was able to get a meterpreter shell, but I am having trouble with privlege escalation. If anyone can help, please PM or reply

Could someone please pm with some help on getting root.txt? I currently have a user shell, and I’m stuck. Thank you!

** Got it! DM me for help.

Can someone help me pls? I can’t get root.txt, I have an idea but I might be missing something :frowning:

Got keys for both the user and root, but I’m having a ■■■■ of a time trying to get root shell. No luck so far enumerating… Would love a hint!

Type your comment> @Puru said:

Hey Guys,

Total noob here. i am not able to figure out how to get to the user. found the ad*********** page, tried defaults, found F*****, and then found s******xt … but i have no idea as to where to go from here :confused: can anyone help me here !!!

@Puru I’m in the same step that you were. I have se****.txt looking at the source code, I have the real value with a hash decoder, I’ve scanned with joomscan but i don’t know how to proceed. Any help?

@hippi3c0w said:

I just got a user.txt, I was stuck for a while on the same s*****.t file as you were… You probably want to login to the J** GUI and try to see, if there are any options where you could modify the PHP page. Ping me if you would need help with that. We are slowly running out of time :slight_smile: .

I’m going to get root now. I have pretty good idea how to do that. The forum hints are incredible. You basically have all the information you need in here. Understanding these hints is what takes me quite a lot of time, lol.

Type your comment> @pkaiser said:

@hippi3c0w said:

I just got a user.txt, I was stuck for a while on the same s*****.t file as you were… You probably want to login to the J** GUI and try to see, if there are any options where you could modify the PHP page. Ping me if you would need help with that. We are slowly running out of time :slight_smile: .

I’m going to get root now. I have pretty good idea how to do that. The forum hints are incredible. You basically have all the information you need in here. Understanding these hints is what takes me quite a lot of time, lol.

Thanks for the info, but i’m still lost. Currently i only have access via GUI, no server. I have tried to login via ssh but not way. I was tried to search any other user who posted but i’m not able to find anythyng.

Regarding change PHP code, i only can see something in the post “My first post” and I’ve tried a reverse shell with shell_exec and try to show any user (with whoami).

For my, at the moment, i only have secret.txt file, i’m trying to search for more txt files but i’m still on it.

I also spend more time reading and trying to understand the hints that trying to attack the site hahaha