LaCasaDePapel

Hello everyone. Having connected as a user, I change the known file in many ways and upload it in two ways to the user folder. But there is no shell (or there is no root.txt file content). To avoid spoilers I write carefully. Who are interested in the details - please in PM

Can anyone give me a clue? I am stuck on the shell on the high port. Not sure what to do from this point as every command that successfully runs just spews out some code which seems to be of no use.

Type your comment> @Kinjo said:

Due to the fact that I’ve read in previous posts that playing with https is not required, I avoided to transit that path. After some time walking arround, I’m beginning to wonder if it could be a good idea to return to https

As @skordokailas pointed out, it is true that there are two routes to root :wink: I personally went the way of https initially, but had the chance to go the other way. The alternative is only good if you are really familiar with the environment and potential exploit.

Type your comment> @NightFury said:

I’ll try to not spoiler anything, but after getting into the https private part, I’m completely stucked, i can read user.txt file, i got the i*_**a file, but after use it in all /etc/p****d users, still not able to get shell in the machine, is this the intended way of continue or I missed something?

You are on the right path. Make sure you don’t have too broad permissions on the file you got.

Reading through the thread there seems to be an unintended way to diretly get root. I have it already by the intended way I guess. Would really appreciate if some could contact me how the unintended works. Thanks!

As I’m reading… avoiding HTTPS is the unintended way…

I am struggling with the certificate part … I know seems basic but I have been spinning in circles. I got the backdoor and the terrible shell. I am now at a stand still … little help please?

Type your comment> @kilo5150 said:

I am struggling with the certificate part … I know seems basic but I have been spinning in circles. I got the backdoor and the terrible shell. I am now at a stand still … little help please?

Try help in your shell =D

Type your comment> @Kebby22 said:

Type your comment> @kilo5150 said:

I am struggling with the certificate part … I know seems basic but I have been spinning in circles. I got the backdoor and the terrible shell. I am now at a stand still … little help please?

Try help in your shell =D

I am able to look around the system and added my own ssh key to .ssh authorized keys, just to realize I will get another psysh… not sure where to go from here

Could use a nudge for root. Is m*******d the way to go?

i managed to get the https where you choose a season but nothing else any tips thanx

for the life of me i cannot figure out how to get past “Sorry, but you need to provide a client certificate to continue.” I have followed various guides … any hints will be greatly appreciated

Type your comment> @kilo5150 said:

for the life of me i cannot figure out how to get past “Sorry, but you need to provide a client certificate to continue.” I have followed various guides … any hints will be greatly appreciated

try to look through old door keyhole. pm for more.

Rooted

Hints
User: I think there are two ways to get user shell. I used the certificate/https route. Copy/paste and your local host are your friends here.

Root: Don’t need to enumerate too much. Once you see what’s going on, you’ll think you have it. If you don’t get the shell after making the necessary mods, check how some common commands run in this environment. They might not be what you’re used to…

is it me or everyone got 443 port always down

hi! im in front of $t**** variable using p** sl v0.9.9 but i have no idea how to extract something useful, i don’t know how to execute anything, using the command "sh" i can see the code of that variable but i’ve googled all night long but nothing;
i don’t want any hint, just some good guy who can tell me where to study to comprend this ABOMINATION.

When I am trying to import personal certificate in firefox I am getting the following error- “This personal certificate can’t be installed because you do not own the corresponding private key”. Why am I facing this problem? Any help will be appreciated.

Type your comment> @Master123 said:

When I am trying to import personal certificate in firefox I am getting the following error- “This personal certificate can’t be installed because you do not own the corresponding private key”. Why am I facing this problem? Any help will be appreciated.

did you generate correctly the client c** with the correct priv8 key ?

@sazouki Check PM

Please stop killing https server