Hint for HELP

hi guys ,can some of you PM im stuck with the file upload …i think i missing something in my code…btw i get all the time the error when i upload the file with any caind of extension… thank you

Could somebody PM – im pulling my hair out with this box.

I know that my error messages suck. I know the place my rev shell is placed. I know the exploit. I run all 3 together, and… nothing!

Would love to know the trick! Could somebody help me

Hello guys! I have successfully got my user flag, but I don’t understand how to go for root. Where should I start from? Any one suggestions? Just a little hint?

Found the REST alternativ and got some creds. But can’t load page on port *0 also gobuster doesn’t execute on port *0. What do I have to do? Can some give me a hint?

Type your comment> @mava said:

Found the REST alternativ and got some creds. But can’t load page on port *0 also gobuster doesn’t execute on port *0. What do I have to do? Can some give me a hint?

some times the gobuster do not work i download a script try this :GitHub - maurosoria/dirsearch: Web path scanner

@skyghost666
nmap shows there is a ae T W**s page, but I cant reach it with my browser or curl, it just keeps connecting and then timeout…But I can reach the page at port *000, seems strange to me. I am on VIP btw.
Somebody else got this problem?

Rooted , the box its pretty nice thanks for the creator!
User: i been stuck a bit in enumeration, by the time you go in the correct path , read about the exploit searching on google ,apply a little change in the code and you gonna get a shell in a while.
Root : Hi take me 5 minute time to enumerate and privileged escalation.
PM if you need help.
happy hacking!

Wow… This box certainly frustrated me!! I coulnd’t of done it without some hints reading through the forum, so thanks guys. A few hints from me as I know others are driving themselves as crazy…

User - Find the HelpdeskZ install on github and read the .php file that takes care of the file upload and try to understand the location and what happens. If you’re struggling to know what .php file is the configuration for the upload, my only clue is ‘con…’… I took the easy unauthenticated way. . So many people are trying to sanitise the php file… when you submit, check the URL, hopefully this might help… then run the exploit.

Root - wow… I love these kind of priv esc… For me, it was done in just over 4 minutes from getting user - as people have stated… use g0tm1lks guide. If you have worked on it longer than 5-10 minutes, go back to the start of the guide again :)… enjoy guys and for anyone who struggled on User as long as I did… when it works for you, you’ll want to punch yourself in the face haha

Guys I really don’t understand what the exact problem I am facing right now, Got user successfully, going for local privilege and I am using correct exploit, but still I can’t do it. Can anyone please help me in this?

im so close to just quitting this machine and doing something else. no file format is accepted and iv tried using b*** to intercept and see if i can bypass this but i either get file not allowed or Cross . i have no other idea of what i can do for this. i have figured that i have to use rell but its not working.

@JDCCYP Don’t trust errors :wink:

Don’t trust errors :wink:

Did anyone got root recently? Please reply, I need your help.

im trying to upload shell but got “File is not allowed.” alert.How can i evade extansion filter ? plase send me hint pm

@Kontakis ill tell you what everyone has been telling me. Ignore the messages. what i dont undertand is how to access my file. i have the right path 100% sure about it , but its not loading up. iv taken a look at the source code but i was able to access it once before so i dont know whats different now :confused:

Type your comment> @JDCCYP said:

@Kontakis ill tell you what everyone has been telling me. Ignore the messages. what i dont undertand is how to access my file. i have the right path 100% sure about it , but its not loading up. iv taken a look at the source code but i was able to access it once before so i dont know whats different now :confused:

Edit exploit so it will work with your environment… ?

I’m noob…pls someone send me an hint for user…

I have gotten root.
@haqpl, @Nour95, @netzer0
Thanks a lot for your help! :slight_smile:

Rooted yesterday. If any one need help or Hint.

Just PM.

User OWNED !! fucking finally. for those who need help honeslty read the exploit carefully and see how you can make it do a better job. if any1 needs help with user PM me id be happy to help out