Curling

EDIT: Made it to user, but now stuck on root ;x

Rooted…
Big shoutout to you guyss @elidev @Johnny5
…pm me for hints…

got root…
you login, upload shell, make some edit then you got root.

Please PM if you need hints… :smiley:

Hey all - noob here. I was able to get a meterpreter shell, but I am having trouble with privlege escalation. If anyone can help, please PM or reply

Could someone please pm with some help on getting root.txt? I currently have a user shell, and I’m stuck. Thank you!

** Got it! DM me for help.

Can someone help me pls? I can’t get root.txt, I have an idea but I might be missing something :frowning:

Got keys for both the user and root, but I’m having a ■■■■ of a time trying to get root shell. No luck so far enumerating… Would love a hint!

Type your comment> @Puru said:

Hey Guys,

Total noob here. i am not able to figure out how to get to the user. found the ad*********** page, tried defaults, found F*****, and then found s******xt … but i have no idea as to where to go from here :confused: can anyone help me here !!!

@Puru I’m in the same step that you were. I have se****.txt looking at the source code, I have the real value with a hash decoder, I’ve scanned with joomscan but i don’t know how to proceed. Any help?

@hippi3c0w said:

I just got a user.txt, I was stuck for a while on the same s*****.t file as you were… You probably want to login to the J** GUI and try to see, if there are any options where you could modify the PHP page. Ping me if you would need help with that. We are slowly running out of time :slight_smile: .

I’m going to get root now. I have pretty good idea how to do that. The forum hints are incredible. You basically have all the information you need in here. Understanding these hints is what takes me quite a lot of time, lol.

Type your comment> @pkaiser said:

@hippi3c0w said:

I just got a user.txt, I was stuck for a while on the same s*****.t file as you were… You probably want to login to the J** GUI and try to see, if there are any options where you could modify the PHP page. Ping me if you would need help with that. We are slowly running out of time :slight_smile: .

I’m going to get root now. I have pretty good idea how to do that. The forum hints are incredible. You basically have all the information you need in here. Understanding these hints is what takes me quite a lot of time, lol.

Thanks for the info, but i’m still lost. Currently i only have access via GUI, no server. I have tried to login via ssh but not way. I was tried to search any other user who posted but i’m not able to find anythyng.

Regarding change PHP code, i only can see something in the post “My first post” and I’ve tried a reverse shell with shell_exec and try to show any user (with whoami).

For my, at the moment, i only have secret.txt file, i’m trying to search for more txt files but i’m still on it.

I also spend more time reading and trying to understand the hints that trying to attack the site hahaha

got user.txt, PM me for hints. Working on priv esc and not sure where to go. Ofc I assume it has to do with “Curl,” so snooping around for that

got root.txt! No root shell though. Please pm/reply with hints

Got root hash.
Got root shell by escalating privilege using a system’s vulnerability.
=> PM if you need help <=

Still Getting CRAZY with how to get a root shell using the “Obvious to use” xURL job.
I’m on this for long, any hint would be appreciated !! Thanks.

=============================================
EDIT:
Got it. Sometimes it is needed to look to the output before you study the input.

Hints for last shell::

  • Consider the output
  • Your mom is not always right, Don’t wash your clothes, sometimes your dirty sock is not that bad.

=> PM if you need help <=

am sure that decoded secret.*** and am typing the right user and still can’t login in to panel idk
pls am i on the right path pm pls

Type your comment> @ghost0437 said:

Rooted…
Big shoutout to you guyss @elidev @Johnny5
…pm me for hints…

Indeed anytime!!!

ROOTED anyone need help PM ME
I WILL BE HAPPY FOR

Any clues on how to gain root.txt or root shell after gaining user shell?

I see that the input file affects the report file in the a-a directory…

Thanks @secn0rm @Psycho00 managed to get the root.txt

Going to use a similar method to try and get a root shell.

hi , can so give me a hint regarding p******_*****p…i got no idea what to do with that hexdump. thx :slight_smile:

Type your comment> @ElCzw said:

hi , can so give me a hint regarding p******_*****p…i got no idea what to do with that hexdump. thx :slight_smile:

Compression and decompression ?

Need help I also get the same error . Please PM me if anyone available .